6 matches found
CVE-2024-50338
Git Credential Manager GCM is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...
GHSA-86C2-4X57-WC8G Git Credential Manager carriage-return character in remote URL allows malicious repository to leak credentials
Description The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the use of the NUL \0 character and newlines to form part of the keys^1 or values. When Git reads from...
CVE-2024-50338 Carriage-return character in remote URL allows malicious repository to leak credentials in Git Credential Manager
Git Credential Manager GCM is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...
The vulnerability of the Python library for interacting with git repositories like gitpython, related to improper input validation, allows a malicious actor to inject a malicious remote URL address into the cloning command.
The vulnerability of the Python library for interacting with git repositories called gitpython is related to external git calls that lack proper parameter sanitization. Exploiting this vulnerability allows a malicious actor to inject a malicious remote URL address as part of a cloning command...
GHSA-HCPJ-QP55-GFPH GitPython vulnerable to Remote Code Execution due to improper user input validation
All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...
PYSEC-2022-42992
All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...