174 matches found
Remote code execution
Cody is an artificial intelligence AI coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.json and...
CVE-2023-46248 Overwrite of builtin Cody commands facilitates RCE
Cody is an artificial intelligence AI coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.json and...
CVE-2023-46248 Overwrite of builtin Cody commands facilitates RCE
Cody is an artificial intelligence AI coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.json and...
PT-2023-29927 · Microsoft · Vscode
Name of the Vulnerable Software and Affected Versions: Cody AI VSCode extension versions 0.10.0 through 0.14.0 Description: The issue concerns Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.jso...
Arbitrary Code Execution
gitpython is vulnerable to Arbitrary Code Execution. The vulnerability exists because it does not properly validate the git executable. If a malicious repository packages a git executable, the library will default to using that executable when importing gitpython on Window. If an attacker tricks ...
RHEL 8 : git (RHSA-2023:3246)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3246 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...
FreeBSD : git -- Local clone-based data exfiltration with non-local transports (9548d6ed-b1da-11ed-b0f4-002590f2a714)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9548d6ed-b1da-11ed-b0f4-002590f2a714 advisory. - Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2,...
SUSE CVE-2018-12476
Relative Path Traversal vulnerability in obs-service-tarscm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise...
Design/Logic Flaw
Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort loca...
Ian Dunn: Double evaluation in .bash_prompt of dotfiles allows a malicious repository to execute arbitrary commands
Summary Due to the improper usage of the PS1 environment variable in .bashprompt of dotfiles, a malicious repository can execute arbitrary commands when changed the current directory to it. Description The PS1 environment variable of bash supports command substitutions. For example, setting PS1 t...
CVE-2022-39253
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone where the source and target of the clone...
Arbitrary Code Execution
github.com/git-lfs/git-lfs is vulnerable to arbitrary code execution. A remote attacker is able to inject and execute malicious ..exe programs on targeted system when Git LFS operates on a malicious repository with a ..exe file as well as a file named git.exe, and git.exe is not found in any...
Git LFS can execute a Git binary from the current directory on Windows
Impact On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. This is the result of an incomplete fix for CVE-2020-2795...
Remote Code Execution (RCE)
github.com/git-lfs/git-lfs is vulnerable to remote code execution. The vulnerability exists in 'ExecCommand' function of subprocesswindows.go which allows an attacker to inject and execute codes in the root directory of a malicious repository by simply adding an executable files...
GHSA-4G4P-42WC-9F3M Git LFS can execute a Git binary from the current directory
Impact On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. This occurs because on Windows, Go includes and prefers t...
PT-2022-7022
Name of the Vulnerable Software and Affected Versions Git versions prior to 2.30.6 Git versions prior to 2.31.5 Git versions prior to 2.32.4 Git versions prior to 2.33.5 Git versions prior to 2.34.5 Git versions prior to 2.35.5 Git versions prior to 2.36.3 Git versions prior to 2.37.4 Description...
GO-2021-0073 Arbitrary command execution in github.com/git-lfs/git-lfs
Arbitrary command execution can be triggered by improperly sanitized SSH URLs in LFS configuration files. This can be triggered by cloning a malicious repository...
Git LFS on Windows vulnerable to remote code execution (CVE-2020-27955)
A remote code exeecution vulnerability was recently discovered in Git LFS: https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html Vulnerable git clients that clone a malicious repository are vulnerable to remote code execution. Please determine if Bamboo is vulnerable. If it ...
Medium: git
Issue Overview: Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a...
CVE-2017-1000117
A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimat...