6 matches found

RedhatCVE
added 2025/02/05 6:50 a.m., 7 views

CVE-2024-50338

Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...

CVSS 7.4, AI score 7.3, EPSS 0.03148
Exploits: 0, References: 1
OSV
added 2025/01/14 7:40 p.m., 9 views

GHSA-86C2-4X57-WC8G Git Credential Manager carriage-return character in remote URL allows malicious repository to leak credentials

Description: The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the use of the NUL (\0) character and newlines to form part of the keys or values. When Git reads from...

CVSS 7.4, AI score 6.2, EPSS 0.03148
Exploits: 0, References: 10
OSV
added 2025/01/14 6:11 p.m., 5 views

CVE-2024-50338 Carriage-return character in remote URL allows malicious repository to leak credentials in Git Credential Manager

Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...

CVSS 7.4, AI score 9.1, EPSS 0.03148
Exploits: 0, References: 10
BDU FSTEC
added 2024/06/13 12:0 a.m., 6 views

Vulnerability in gitpython, a Python library for interacting with git repositories, related to improper input validation, which allows a malicious actor to inject a malicious remote URL into the clone command.

The vulnerability in gitpython, a Python library for interacting with git repositories, is related to external git calls that lack proper parameter sanitization. Exploiting this vulnerability allows a malicious actor to inject a malicious remote URL address as part of a cloning command...

CVSS 10, AI score 7.7, EPSS 0.05378
Exploits: 1, References: 6, Affected Software: 3
OSV
added 2022/12/06 6:30 a.m., 9 views

GHSA-HCPJ-QP55-GFPH GitPython vulnerable to Remote Code Execution due to improper user input validation

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

CVSS 9.2, AI score 7.3, EPSS 0.05378
Exploits: 1, References: 20
OSV
added 2022/12/06 5:15 a.m., 3 views

PYSEC-2022-42992

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

CVSS 9.8, AI score 7.3, EPSS 0.05378
Exploits: 1, References: 8