10 matches found
PT-2026-52513
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description pnpm passes the git resolution.commit value from the lockfile to the git fetch command without using a -- separator or performing commit-format validation. When git...
CVE-2026-3515
A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...
SUSE CVE-2026-26194
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
Gogs: Release tag option injection in release deletion
Summary There is a security issue in Gogs where deleting a release can fail if a user-controlled tag name is passed to Git without the right separator, allowing Git option injection and therefore interfering with the process. Affected Component - internal/database/release.go process.ExecDir...,...
EUVD-2026-9852
Gogs: Release tag option injection in release deletion...
CVE-2026-26194
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
CVE-2026-26194
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
CVE-2026-26194
Gogs prior to v0.14.2 contains a vulnerability where deleting a release can fail when a user-controlled tag name is passed to git without the proper separator. This allows git options to be injected and can disrupt the process, impacting availability (and to a lesser extent confidentiality/integr...
CVE-2023-26143
Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...
Bundler 参数注入漏洞
Bundler is a package for managing application dependencies in Ruby. It provides a consistent environment for Ruby projects by tracking and installing the exact gem and version required. Bundler suffers from a code injection vulnerability that stems from the fact that when using Gemfile, an attack...