1749 matches found
cmd/go: Go VCS Command Execution Vulnerability
A flaw was found in cmd/go. The go command can execute arbitrary commands when processing untrusted version control system VCS repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This...
cmd/go: Go VCS Command Execution Vulnerability
A flaw was found in cmd/go. The go command can execute arbitrary commands when processing untrusted version control system VCS repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This...
cmd/go: Go VCS Command Execution Vulnerability
A flaw was found in cmd/go. The go command can execute arbitrary commands when processing untrusted version control system VCS repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This...
Improper Access Control
@finos/git-proxy is vulnerable to improper access control. The vulnerability is due to bypassing policies and explicit approvals when pushing to remote repositories, which allows an attacker to push code containing secrets or unwanted changes without required checks or plugin execution...
CLSA-2025-1754941109 git: Fix of CVE-2025-27613
CVE-2025-27613: fix issue where untrusted repositories could create and truncate files, with the fix implemented in versions 2.43.7 and later...
CLSA-2025-1754940505 git: Fix of CVE-2025-27613
CVE-2025-27613: fix issue where untrusted repositories could create and truncate files, with the fix implemented in versions 2.43.7 and later...
CLSA-2025-1754940262 Fix CVE(s): CVE-2024-46901
SECURITY UPDATE: Insufficient validation of filenames against control characters in repositories served via moddavsvn - debian/patches/CVE-2024-46901.patch: fix moddavsvn denial-of-service via control characters in paths...
ROS-20250808-06
A vulnerability in the Golang programming language is related to the handling of untrusted version control system VCS repositories that contain malicious configuration. Version Control System VCS repositories containing malicious configuration. Exploitation of the vulnerability could allow an...
Important: golang
Issue Overview: cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Affected Packages: golang Issue Correction: Run dnf update golang --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1104 --releasever 2023.8.20250808 to update your system. More...
Important: git
Issue Overview: When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of this line" is affected as well, regardless of...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2025-1104)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1104 advisory. cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Ness...
Important: golang
Issue Overview: cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Affected Packages: golang Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correctio...
Important: git
Issue Overview: When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of this line" is affected as well, regardless of...
CVE-2025-4674
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
AZL-66098 CVE-2025-4674 affecting package golang for versions less than 1.18.8-10
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
AZL-66101 CVE-2025-4674 affecting package golang for versions less than 1.22.7-5
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
DEBIAN-CVE-2025-4674
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
UBUNTU-CVE-2025-4674
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
CVE-2025-4674 Unexpected command execution in untrusted VCS repositories in cmd/go
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
CVE-2025-4674
CVE-2025-4674 affects the Go toolchain (cmd/go) and its handling of VCS metadata. The issue arises when the Go command operates in untrusted VCS repositories that contain metadata from a different VCS, potentially enabling unexpected command execution. The affected component is the Go toolchain i...