Lucene search
+L

174 matches found

prion
prion
added 2023/10/31 4:15 p.m.22 views

Remote code execution

Cody is an artificial intelligence AI coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.json and...

6.5CVSS8.9AI score0.0109EPSS
Exploits1References2Affected Software1
osv
osv
added 2023/10/31 3:11 p.m.23 views

CVE-2023-46248 Overwrite of builtin Cody commands facilitates RCE

Cody is an artificial intelligence AI coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.json and...

9CVSS9AI score0.0109EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2023/10/31 3:11 p.m.23 views

CVE-2023-46248 Overwrite of builtin Cody commands facilitates RCE

Cody is an artificial intelligence AI coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.json and...

9CVSS8.2AI score0.0109EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2023/10/31 12:0 a.m.10 views

PT-2023-29927 · Microsoft · Vscode

Name of the Vulnerable Software and Affected Versions: Cody AI VSCode extension versions 0.10.0 through 0.14.0 Description: The issue concerns Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.jso...

9CVSS9AI score0.0109EPSS
Exploits1References6
veracode
veracode
added 2023/09/01 8:49 a.m.29 views

Arbitrary Code Execution

gitpython is vulnerable to Arbitrary Code Execution. The vulnerability exists because it does not properly validate the git executable. If a malicious repository packages a git executable, the library will default to using that executable when importing gitpython on Window. If an attacker tricks ...

7.8CVSS7.8AI score0.00465EPSS
Exploits1References2Affected Software1
nessus
nessus
added 2023/05/22 12:0 a.m.40 views

RHEL 8 : git (RHSA-2023:3246)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3246 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...

7.8CVSS7.5AI score0.51883EPSS
Exploits5References12
nessus
nessus
added 2023/02/21 12:0 a.m.41 views

FreeBSD : git -- Local clone-based data exfiltration with non-local transports (9548d6ed-b1da-11ed-b0f4-002590f2a714)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9548d6ed-b1da-11ed-b0f4-002590f2a714 advisory. - Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2,...

5.5CVSS7.1AI score0.01336EPSS
Exploits1References3
susecve
susecve
added 2023/02/15 4:26 a.m.4 views

SUSE CVE-2018-12476

Relative Path Traversal vulnerability in obs-service-tarscm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise...

7.5CVSS6.6AI score0.01026EPSS
Exploits0References7
prion
prion
added 2023/02/14 8:15 p.m.30 views

Design/Logic Flaw

Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort loca...

1.9CVSS6.6AI score0.01336EPSS
Exploits1References4Affected Software1
hackerone
hackerone
added 2022/11/28 3:59 a.m.28 views

Ian Dunn: Double evaluation in .bash_prompt of dotfiles allows a malicious repository to execute arbitrary commands

Summary Due to the improper usage of the PS1 environment variable in .bashprompt of dotfiles, a malicious repository can execute arbitrary commands when changed the current directory to it. Description The PS1 environment variable of bash supports command substitutions. For example, setting PS1 t...

1.3AI score
Exploits0
alpinelinux
alpinelinux
added 2022/10/19 12:0 a.m.68 views

CVE-2022-39253

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone where the source and target of the clone...

5.5CVSS6.7AI score0.01336EPSS
Exploits1
veracode
veracode
added 2022/04/21 8:41 a.m.23 views

Arbitrary Code Execution

github.com/git-lfs/git-lfs is vulnerable to arbitrary code execution. A remote attacker is able to inject and execute malicious ..exe programs on targeted system when Git LFS operates on a malicious repository with a ..exe file as well as a file named git.exe, and git.exe is not found in any...

9.8CVSS3.2AI score0.02144EPSS
Exploits0References4Affected Software1
github
github
added 2022/02/15 12:30 a.m.50 views

Git LFS can execute a Git binary from the current directory on Windows

Impact On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. This is the result of an incomplete fix for CVE-2020-2795...

10CVSS3.5AI score0.82715EPSS
Exploits14References7Affected Software1
veracode
veracode
added 2022/02/14 9:57 a.m.35 views

Remote Code Execution (RCE)

github.com/git-lfs/git-lfs is vulnerable to remote code execution. The vulnerability exists in 'ExecCommand' function of subprocesswindows.go which allows an attacker to inject and execute codes in the root directory of a malicious repository by simply adding an executable files...

9.8CVSS4.3AI score0.82715EPSS
Exploits14References10Affected Software1
osv
osv
added 2022/02/11 11:39 p.m.28 views

GHSA-4G4P-42WC-9F3M Git LFS can execute a Git binary from the current directory

Impact On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. This occurs because on Windows, Go includes and prefers t...

9.8CVSS8.9AI score0.82715EPSS
Exploits14References6
ptsecurity
ptsecurity
added 2021/08/05 12:0 a.m.4 views

PT-2022-7022

Name of the Vulnerable Software and Affected Versions Git versions prior to 2.30.6 Git versions prior to 2.31.5 Git versions prior to 2.32.4 Git versions prior to 2.33.5 Git versions prior to 2.34.5 Git versions prior to 2.35.5 Git versions prior to 2.36.3 Git versions prior to 2.37.4 Description...

5.5CVSS6.2AI score0.01336EPSS
Exploits1References98
osv
osv
added 2021/04/14 8:4 p.m.31 views

GO-2021-0073 Arbitrary command execution in github.com/git-lfs/git-lfs

Arbitrary command execution can be triggered by improperly sanitized SSH URLs in LFS configuration files. This can be triggered by cloning a malicious repository...

8.8CVSS8.6AI score0.03677EPSS
Exploits1References4
atlassian
atlassian
added 2021/03/26 5:2 p.m.45 views

Git LFS on Windows vulnerable to remote code execution (CVE-2020-27955)

A remote code exeecution vulnerability was recently discovered in Git LFS: https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html Vulnerable git clients that clone a malicious repository are vulnerable to remote code execution. Please determine if Bamboo is vulnerable. If it ...

10CVSS1.3AI score0.82715EPSS
Exploits14
amazon
amazon
added 2021/03/26 12:0 a.m.30 views

Medium: git

Issue Overview: Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a...

8CVSS8AI score0.88644EPSS
Exploits5
redhatcve
redhatcve
added 2021/03/20 8:53 p.m.37 views

CVE-2017-1000117

A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimat...

8.8CVSS1.3AI score0.77823EPSS
Exploits9References2
Rows per page
Query Builder