24 matches found
Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware
Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. "Attackers achieve...
EUVD-2023-51105
Malicious code in bioql PyPI...
EUVD-2025-23550
Malicious code in bioql PyPI...
CVE-2025-51387
GitKraken Desktop 10.8.0 and 11.1.0 are susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be...
CVE-2025-51387
GitKraken Desktop 10.8.0 and 11.1.0 are susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be...
CVE-2025-51387
GitKraken Desktop 10.8.0 and 11.1.0 are susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be...
GitKraken Desktop Security Vulnerability
GitKraken Desktop is a cross-platform graphical Git client from GitKraken Inc. in the United States. A security vulnerability exists in GitKraken Desktop versions 10.8.0 and 11.1.0, which stems from a misconfiguration of Electron Fuses and could lead to code injection...
CVE-2025-51387
CVE-2025-51387 affects GitKraken Desktop versions 10.8.0 and 11.1.0. The root cause is misconfigured Electron Fuses: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled, allowing the application to run in Node.js mode. This configuration enables attackers to pass arguments that...
CVE-2025-51387
GitKraken Desktop 10.8.0 and 11.1.0 are susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be...
PT-2025-31865 · Unknown · GitKraken Desktop
Name of the Vulnerable Software and Affected Versions: GitKraken Desktop versions 10.8.0 and 11.1.0 Description: GitKraken Desktop is susceptible to code injection due to misconfigured Electron Fuses. Insecure settings, specifically RunAsNode being enabled and EnableNodeCliInspectArguments not...
CVE-2023-46944
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code workspace trust component...
Vulnerability in the GitKraken GitLens plugin for Git control and history visualization for the Visual Studio Code source code editor, allowing an attacker to execute arbitrary code.
The vulnerability in the GitKraken GitLens plugin for Git control and history visualization for the Visual Studio Code source code editor is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially...
GitLens Git Local Configuration Execution Exploit
GitKraken GitLens versions prior to 14.0.0 allow an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10. This module require...
CVE-2023-46944
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code workspace trust component...
CVE-2023-46944
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code workspace trust component...
Authorization
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code workspace trust component...
CVE-2023-46944
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code workspace trust component...
CVE-2023-46944
CVE-2023-46944 affects GitKraken GitLens plugins for VSCode prior to 14.0.0. A crafted file can be used to coerce the Visual Studio Code workspace trust component into executing arbitrary code, via a local attack vector. Root cause cited: insufficient input validation in GitLens workflow context ...
PT-2023-9085 · Microsoft +1 · Visual Studio Code +1
Name of the Vulnerable Software and Affected Versions: GitKraken GitLens versions prior to 14.0.0 Description: The issue is related to insufficient input validation in the GitKraken GitLens plugin for Visual Studio Code, allowing an attacker to execute arbitrary code via a crafted file. This can ...
GitHub Revoked Insecure SSH Keys Generated by a Popular git Client
Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said...