Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli

...

Exploit for Unrestricted Upload of File with Dangerous Type in Git

PoC exploit for CVE-2024-32002, a remote code execution vulnerab...

Important: git

Issue Overview: A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwri...

SUSE CVE-2023-22490

Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort loca...

The vulnerability of the recursive cloning component of the distributed Git version control system allows a hacker to gain unauthorized access to confidential data, cause service failures, and compromise data integrity.

The vulnerability of the recursive cloning component of the distributed version control system Git is related to the lack of a mechanism for verifying input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential data, cause service failures, and...

git: Recursive submodule cloning allows using git directory twice with synonymous directory name written in .git/

An improper input validation flaw was discovered in git in the way it handles git submodules. A remote attacker could abuse this flaw to trick a victim user into recursively cloning a malicious repository, which, under certain circumstances, could fool git into using the same git directory twice...

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2019-1183)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

NewStart CGSL CORE 5.04 / MAIN 5.04 : git Vulnerability (NS-SA-2019-0047)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has git packages installed that are affected by a vulnerability: - An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious...

git: arbitrary code execution via .gitmodules

An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine...

git: arbitrary code execution via .gitmodules

An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine...

EulerOS 2.0 SP2 : git (EulerOS-SA-2018-1215)

According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - arbitrary code execution when recursively cloning a malicious repository CVE-2018-11235 Note that Tenable Network Security has extracted the preceding...

Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to a workaround tha...