Lucene search

1752 matches found

OSV, added 2025/07/11 3:18 p.m., 2 views

SUSE-SU-2025:02295-1 Security update for go1.24

This update for go1.24 fixes the following issues: - Update to version go1.24.5 - CVE-2025-4674: Fixed potential command execution in untrusted VCS repositories. bsc1246118...

CVSS 8.6, AI score 7.5, EPSS 0.00255, Exploits 0, References 4

OSV, added 2025/07/10 3:15 p.m., 3 views

ALPINE-CVE-2025-27613

Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...

CVSS 3.6, AI score 7, EPSS 0.00287, Exploits 0, References 1

OSV, added 2025/07/10 3:15 p.m., 7 views

AZL-65076 CVE-2025-27613 affecting package git for versions less than 2.45.4-1

Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...

CVSS 3.6, AI score 5.8, EPSS 0.00287, Exploits 0, References 1

OSV, added 2025/07/10 3:15 p.m., 5 views

AZL-65073 CVE-2025-27613 affecting package git for versions less than 2.40.4-2

Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...

CVSS 3.6, AI score 7.3, EPSS 0.00287, Exploits 0, References 1

CVE, added 2025/07/10 3:09 p.m., 88 views

CVE-2025-46835

Git GUI is vulnerable to arbitrary file creation/overwrites when a user clones an untrusted repository and is tricked into editing a file under a maliciously named directory; this can affect files the user can write. The issue is fixed in Git GUI versions 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2...

CVSS 8.5, AI score 6, EPSS 0.00296, Exploits 0, References 4

Debian CVE, added 2025/07/10 3:09 p.m., 9 views

CVE-2025-46835

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permissio...

CVSS 8.5, AI score 7.6, EPSS 0.00296, Exploits 0

CVE, added 2025/07/10 2:58 p.m., 99 views

CVE-2025-27613

Gitk (the Tcl/Tk based Git history browser) is affected by CVE-2025-27613. When a user clones an untrusted repository and runs gitk without extra arguments, files that the user can write to may be created and truncated. The vulnerability is triggered by the per-file encoding option in Gitk's Pref...

CVSS 3.6, AI score 6.2, EPSS 0.00287, Exploits 0, References 5

Debian CVE, added 2025/07/10 2:58 p.m., 7 views

CVE-2025-27613

Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...

CVSS 3.6, AI score 6.4, EPSS 0.00287, Exploits 0

AlpineLinux, added 2025/07/10 2:58 p.m., 5 views

CVE-2025-27613

Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...

CVSS 3.6, AI score 6.4, EPSS 0.00287, Exploits 0

Tenable Nessus, added 2025/07/10 12:00 a.m., 17 views

Golang 1.23.x < 1.23.11 / 1.24.x < 1.24.5 Command Execution

The version of Golang running on the remote host is 1.23.x prior to 1.23.11, 1.24.x prior to 1.24.3. It is, therefore, affected by a command execution vulnerability as referenced in 74380 advisory. - Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code...

CVSS 8.6, AI score 7.1, EPSS 0.00255, Exploits 0, References 3

SUSE CVE, added 2025/07/09 11:25 p.m., 4 views

SUSE CVE-2025-27614

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

CVSS 7.8, AI score 6.8, EPSS 0.00314, Exploits 0, References 10

SUSE CVE, added 2025/07/08 11:35 p.m., 3 views

SUSE CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

CVSS 8.6, AI score 7.5, EPSS 0.00255, Exploits 0, References 17

OSV, added 2025/07/08 5:00 p.m., 2 views

UBUNTU-CVE-2025-27613

Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...

CVSS 3.6, AI score 5.8, EPSS 0.00287, Exploits 0, References 6

Microsoft CVE, added 2025/07/08 2:00 p.m., 4 views

GitHub: CVE-2025-27613 Gitk Arguments Vulnerability

CVE-2025-27613 is regarding a vulnerability in Gitk where when a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of thi...

CVSS 3.6, AI score 6.4, EPSS 0.00287, Exploits 0

Positive Technologies, added 2025/07/08 12:00 a.m., 4 views

PT-2025-28647

Name of the Vulnerable Software and Affected Versions: Git versions 2.43.7 through 2.50.1. Description: Git contains a link following vulnerability stemming from inconsistent handling of carriage return characters in configuration files. This flaw allows attackers to execute arbitrary code via...

CVSS 8.6, AI score 8.4, EPSS 0.02775, Exploits 9, References 243

CNNVD, added 2025/07/07 12:00 a.m., 3 views

giscus authorization issue vulnerability

giscus is an open source commenting system from giscus. An authorization issue vulnerability exists in giscus that originates from an unauthorized user being able to create a discussion on a repository where giscus is installed, potentially leading to unauthorized actions...

CVSS 5.3, AI score 6.5, EPSS 0.00264, Exploits 0, References 4

OSV, added 2025/07/01 7:15 p.m., 4 views

CVE-2025-6600

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API...

CVSS 4.3, AI score 5.7, EPSS 0.00275, Exploits 0, References 1

CVE, added 2025/07/01 6:56 p.m., 28 views

CVE-2025-6600

This CVE affects GitHub Enterprise Server v3.17. The issue is an information disclosure where a user-to-server token with no scopes, used via the Search API, could disclose private repository names within an organization. Exploitation required an organization administrator to install a malicious ...

CVSS 6.3, AI score 6.4, EPSS 0.00275, Exploits 0, References 1, Affected Software 1

NVD, added 2025/07/01 6:15 p.m., 6 views

CVE-2025-53107

@cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories. Prior to version 2.1.5, there is a command injection vulnerability caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands...

CVSS 7.5, EPSS 0.19348, Exploits 1, References 3

Cvelist, added 2025/07/01 5:55 p.m., 12 views

CVE-2025-53107 @cyanheads/git-mcp-server vulnerable to command injection in several tools

@cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories. Prior to version 2.1.5, there is a command injection vulnerability caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands...

CVSS 7.5, EPSS 0.19348, Exploits 1, References 3