37 matches found
CVE-2026-45570
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containin...
UBUNTU-CVE-2026-45570
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containin...
EUVD-2026-32546
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containin...
go-git 安全漏洞
go-git is an open-source, highly scalable Git implementation written entirely in Go. Versions of go-git prior to 5.19.1 and 6.0.0-alpha.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of SSH for transmitting commands remotely; the repository path was enclosed in...
CVE-2026-43570
OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended...
UNIX Symbolic Link (Symlink) Following
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the repository path handling process. An attacker can access files outside the intended repository directory by submitting crafted symlink paths...
CVE-2026-43570
CVE-2026-43570 — OpenClaw : OpenClaw 2026.3.22 before 2026.4.5 contains a symlink traversal vulnerability in the remote marketplace repository path handling that allows an attacker to escape the repository root by providing crafted symlink paths. The affected component is the remote marketplace r...
CVE-2026-43570 OpenClaw 2026.3.22 < 2026.4.5 - Symlink Traversal in Remote Marketplace Repository Path Handling
OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended...
CVE-2026-43570 OpenClaw 2026.3.22 < 2026.4.5 - Symlink Traversal in Remote Marketplace Repository Path Handling
OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended...
PT-2026-37025
OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended...
gleam 安全漏洞
Gleam is an open-source, type-safe, extensible system construction language developed by Gleam. There are security vulnerabilities in Gleam versions 1.9.0-rc1 and earlier, up to 1.16.0-rc1, due to improper path validation when handling git dependencies. These vulnerabilities could lead to arbitra...
GHSA-5G3J-89FR-R2VP skilleton has improper input handling in repository/path processing
Summary skilleton versions prior to 0.3.1 include security-related weaknesses in repository normalization and path handling logic. Version 0.3.1 contains fixes and additional test coverage for these issues. Affected Versions =0.3.1 Impact In affected versions, crafted input could trigger unsafe o...
GO-2026-4842 SiYuan has Arbitrary Document Reading within the Publishing Service in github.com/siyuan-note/siyuan/kernel
SiYuan has Arbitrary Document Reading within the Publishing Service in github.com/siyuan-note/siyuan/kernel...
GO-2026-4719 Romeo is vulnerable to Archive Slip due to missing checks in sanitization in github.com/ctfer-io/romeo/webserver
Romeo is vulnerable to Archive Slip due to missing checks in sanitization in github.com/ctfer-io/romeo/webserver...
GO-2026-4718 Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace in github.com/ctfer-io/chall-manager/deploy
Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace in github.com/ctfer-io/chall-manager/deploy...
Ubuntu: Security Advisory (USN-5376-4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-68145
In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...
CVE-2025-68145
In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...
GHSA-J22H-9J4X-23W5 mcp-server-git has missing path validation when using --repository flag
In mcp-server-git versions prior to 2025.12.18, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...
CVE-2025-68145
The CVE-2025-68145 issue affects mcp-server-git when started with the --repository flag. The root cause is missing validation of repo_path in subsequent tool calls, allowing operations on repositories outside the configured path. The fix adds path validation that resolves both the configured repo...