10 matches found
UBUNTU-CVE-2026-45571
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were...
EUVD-2026-32546
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containin...
CVE-2026-45570
Technical details beyond the initial description are not present in the connected documents; monitor for updates.
CVE-2026-45571
Summary for CVE-2026-45571 (go-git) : The vulnerability affects the go-git library prior to version 5.19.1 and 6.0.0-alpha.4, where a path validation issue could allow crafted repository data to affect files outside the intended checkout target, including the repository’s .git directory. The root...
BIT-NODE-MIN-2023-23936 CRLF Injection in Nodejs ‘undici’ via host
Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to...
Node.js: Regular Expression Denial of Service in Headers fetch API
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...
SUSE CVE-2023-23936
Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to...
DEBIAN-CVE-2023-24807
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...
Crlf injection
Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to...
CVE-2022-0130
CVE-2022-0130 affects Tenable.sc 5.14.0–5.19.1, enabling remote code execution when an attacker can stage a specific file type in the web server root prior to exploitation. Red Hat and third-party advisories corroborate the RCE vector and affected range. Impact is high (per CVSS 3.1: Network, Pri...