PT-2025-28866
Name of the Vulnerable Software and Affected Versions: git in Debian Linux (affected versions not specified). Description: A flaw exists in Git GUI that allows for the creation and overwriting of arbitrary writable files. This occurs when a user clones an untrusted repository and is subsequently...
MAL-2024-11318 Malicious code in byted-guides (npm)
Security update for obs-scm-bridge
This update for obs-scm-bridge fixes the following issues: Updated to version 0.5.4: - CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories bnc1230469 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate...
SUSE-SU-2024:4212-1 Security update for obs-scm-bridge
This update for obs-scm-bridge fixes the following issues: Updated to version 0.5.4: - CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories bnc1230469...
Amazon Linux : Enabled Official Repositories and Extras
The remote host is using one or more Amazon Linux repositories to install packages. These repositories may be used in conjunction with Amazon Linux OS package level assessment security advisories to determine whether or not relevant repositories are installed before checking package versions for...
This Week in Spring - December 3rd, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the first week of December and I am in the amazing city of Perth, Australia. Perth, for those of you who don't know, is amazing. And well worth the journey. But it is quite the journey! 27 hours, door-to-door, from San...
Extending Spring Data Repositories Just Got Easier
Since its inception, Spring Data Repositories have been designed for extension, whether you want to customize a single query method or provide a completely new base implementation. The 2024.1 release enhances your ability to extend a repository with custom functionality making it easier than ever...
CVE-2024-22038
Various problems in obs-scm-bridge allow attackers that create specially crafted git repositories to leak information or cause denial of service...
CVE-2024-22038 DoS attacks, information leaks etc. with crafted Git repositories in obs-scm-bridge
Various problems in obs-scm-bridge allow attackers that create specially crafted git repositories to leak information or cause denial of service...
CVE-2024-53858
CVE-2024-53858 affects the gh CLI (GitHub CLI) and can leak authentication tokens when cloning repositories that contain git submodules hosted outside GitHub.com/ghe.com. The root cause is that certain gh commands (e.g., gh repo clone, gh repo fork, gh pr checkout) invoke git in a way that retrie...
CVE-2024-53858 Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...
Bootiful Spring Boot 3.4: Spring Batch
The new release of Spring Batch 5.2 has a ton of features! Spring Batch is a compelling way to handle large but finite sequential data access. Think: reading from an SQL database and writing to a CSV, or reading from an FTP server and writing out an analysis of a MongoDB - batch processing. You...
SUSE CVE-2024-22038
Various problems in obs-scm-bridge allow attackers that create specially crafted git repositories to leak information or cause denial of service...
CLSA-2024-1731432257 Fix CVE(s): CVE-2024-32020
SECURITY UPDATE: When performing a local clone of a repository we end up either copying or hardlinking the source repository into the target repository. - debian/patches/CVE-2024-32020.patch: builtin/clone: refuse local clones of unsafe repositories - CVE-2024-32020...
CVE-2024-10824
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token PAT a...
jj vulnerable to path traversal via crafted Git repositories
Impact Specially crafted Git repositories can cause jj to write files outside the clone. Patches Fixed in 0.23.0. Workarounds Not much other than to not clone repositories from untrusted sources. References Here's the original report from @joernchen: When cloning a crafted Git repository it is...
CVE-2024-51990
jj, or Jujutsu, is a Git-compatible VCS written in Rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...
CVE-2024-51990 Path traversal via crafted Git repositories in jj
jj, or Jujutsu, is a Git-compatible VCS written in Rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...