Lucene search
K

13 matches found

NVD
NVD
added yesterday8 views

CVE-2026-58065

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS
Exploits0References3
CVE
CVE
added yesterday17 views

CVE-2026-58065

The CVE affects the Apache Airflow Git provider when performing git-over-SSH operations with StrictHostKeyChecking=no, which disables SSH host-key verification and enables MITM risk between an Airflow worker and the Git server. Deployments that clone over SSH using a deploy key or involve the Git...

8.1CVSS6.1AI score
Exploits0References3Affected Software1
Cvelist
Cvelist
added yesterday32 views

CVE-2026-58065 Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

Exploits0References2
OSV
OSV
added yesterday3 views

CVE-2026-58065 Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-2072

Malicious code in bioql PyPI...

5.7CVSS5.8AI score0.0046EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 7:44 a.m.8 views

CVE-2024-37904

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

5.7CVSS5.5AI score0.0046EPSS
Exploits0
NVD
NVD
added 2024/06/18 5:15 p.m.55 views

CVE-2024-37904

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

5.7CVSS0.0046EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/06/18 5:7 p.m.10 views

CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

5.7CVSS5.5AI score0.0046EPSS
Exploits0References4
CVE
CVE
added 2024/06/18 5:7 p.m.57 views

CVE-2024-37904

CVE-2024-37904 affects Minder’s Git provider, which can be DoS’d by cloning a large or malicious repository into memory via go-git/go-git/v5. The root cause is that user-controlled Git URLs are cloned without a repository size limit and the entire repo is loaded into memory, enabling memory exhau...

5.7CVSS5.5AI score0.0046EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/06/18 5:7 p.m.43 views

CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

5.7CVSS0.0046EPSS
Exploits0References4
OSV
OSV
added 2024/06/18 5:7 p.m.19 views

CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

5.7CVSS5.7AI score0.0046EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/09/05 12:0 a.m.19 views

SaltStack Salt Security Vulnerabilities

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to 3005.2 or 3006.2, which stems from the Git provider progra...

7.8CVSS6.6AI score0.00286EPSS
Exploits0References3
OSV
OSV
added 2021/08/25 7:15 p.m.5 views

PYSEC-2021-371

BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input...

9.8CVSS8.9AI score0.01928EPSS
Exploits0References2
Rows per page
Query Builder