510 matches found
Important: Red Hat Security Advisory: git-lfs security update
An update for git-lfs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...
git-lfs: Git LFS may write to arbitrary files via crafted symlinks
A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...
git-lfs: Git LFS may write to arbitrary files via crafted symlinks
A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...
CVE-2026-22253 Soft Serve is missing an authorization check in LFS lock deletion
Soft Serve is a self-hostable Git server for the command line. Prior to version 0.11.2, an authorization bypass in the LFS lock deletion endpoint allows any authenticated user with repository write access to delete locks owned by other users by setting the force flag. The vulnerable code path...
RHSA-2026:0203 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
RHSA-2026:0204 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
RHSA-2026:0199 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
Soft Serve 安全漏洞
Soft Serve is a self-hosted command-line Git server from Charm Open Source. A security vulnerability exists in Soft Serve versions prior to 0.11.2, which stems from an authorization bypass in the LFS lock deletion endpoint that could lead to arbitrary lock deletion...
RHEL 9 : git-lfs (RHSA-2026:0204)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0204 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...
RHEL 9 : git-lfs (RHSA-2026:0203)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0203 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...
git-lfs: Git LFS may write to arbitrary files via crafted symlinks
A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...
git-lfs: Git LFS may write to arbitrary files via crafted symlinks
A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...
git-lfs: Git LFS may write to arbitrary files via crafted symlinks
A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...
Important: Red Hat Security Advisory: git-lfs security update
An update for git-lfs is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
git-lfs: Git LFS may write to arbitrary files via crafted symlinks
A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...
CLSA-2025-1767003835 git-lfs: Fix of CVE-2025-26625
CVE-2025-26625: prevent git lfs checkout and git lfs pull write outside repo...
RLSA-2025:23744 Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 For more detai...
git-lfs security update
An update is available for git-lfs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, videos...
RLSA-2025:23745 Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 For more detai...
RockyLinux 8 : git-lfs (RLSA-2025:23745)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:23745 advisory. git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 Tenable has extracted the preceding description block directly from the...