88 matches found
CVE-2026-45571
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were...
UBUNTU-CVE-2026-45571
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were...
CVE-2026-45571
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were...
EUVD-2026-32544
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were...
Astra Linux - уязвимость в git
Git is a version control system. Before versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories containing submodules could be exploited through a bug in Git. This bug allowed an attacker to manipulate the creation of files—specifically, files that were written into the...
go-git: Crafted repositories may modify main and submodule .git directories
Impact A path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were introduced in upstream Git years ago, so the vulnerability arose from go-git drifting from those...
GHSA-CRHJ-59GH-8X96 go-git: Crafted repositories may modify main and submodule .git directories
Impact A path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were introduced in upstream Git years ago, so the vulnerability arose from go-git drifting from those...
CVE-2026-44114
OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAWGITDIR to manipulate trusted OpenClaw runtime behavior...
Duplicate Advisory: OpenClaw: Workspace dotenv could override runtime-control environment variables
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hxvm-xjvf-93f3. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace...
GHSA-9R9J-3R2W-FG3V Duplicate Advisory: OpenClaw: Workspace dotenv could override runtime-control environment variables
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hxvm-xjvf-93f3. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace...
CVE-2026-44114
OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAWGITDIR to manipulate trusted OpenClaw runtime behavior...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a failure to properly preserve the OPENCLAWRuntime Control Environment namespace in the workspace dotenv file, which can be exploited by an attacker to manipula...
CVE-2026-41915
OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GITDIR and related variables to redirect git operations and compromise repository integrity...
CVE-2026-41915 OpenClaw < 2026.4.8 - Git Environment Variable Injection via Unfiltered Exec Environment
OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GITDIR and related variables to redirect git operations and compromise repository integrity...
EUVD-2026-26121
OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GITDIR and related variables to redirect git operations and compromise repository integrity...
PT-2026-31607
Disclosure from our research team at Pentest-Tools.com "It's just dev mode" is doing a lot of heavy lifting here. FuelCMS has no enforced access control on the add git submodule installer function. Dev mode on, git over SSH enabled, a valid .git directory in the root: any authenticated user can...
CVE-2026-34165
go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...
DEBIAN-CVE-2026-34165
go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of .idx files. An attacker with write access to the local repository's .git directory can exhaust system memory by introducing a maliciously crafted .idx file int...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of .idx files. An attacker with write access to the local repository's .git directory can exhaust system memory by introducing a maliciously crafted .idx file int...