Lucene search
+L

10 matches found

OSV
OSV
added 2026/05/27 3:16 p.m.11 views

UBUNTU-CVE-2026-45571

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were...

5.4CVSS5.8AI score0.00297EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 2:59 p.m.19 views

EUVD-2026-32546

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containin...

2.3CVSS5.8AI score0.00365EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:59 p.m.28 views

CVE-2026-45570

Technical details beyond the initial description are not present in the connected documents; monitor for updates.

9.6CVSS5.8AI score0.00365EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:57 p.m.34 views

CVE-2026-45571

Summary for CVE-2026-45571 (go-git) : The vulnerability affects the go-git library prior to version 5.19.1 and 6.0.0-alpha.4, where a path validation issue could allow crafted repository data to affect files outside the intended checkout target, including the repository’s .git directory. The root...

5.4CVSS5.8AI score0.00297EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/12/16 2:0 p.m.9 views

BIT-NODE-MIN-2023-23936 CRLF Injection in Nodejs ‘undici’ via host

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to...

6.5CVSS6.7AI score0.01129EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/10/09 10:29 a.m.3 views

Node.js: Regular Expression Denial of Service in Headers fetch API

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

7.5CVSS7.2AI score0.01304EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/21 1:59 a.m.2 views

SUSE CVE-2023-23936

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to...

6.5CVSS7AI score0.01129EPSS
Exploits1References10
OSV
OSV
added 2023/02/16 6:15 p.m.2 views

DEBIAN-CVE-2023-24807

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

7.5CVSS7AI score0.01304EPSS
Exploits0References1
Prion
Prion
added 2023/02/16 6:15 p.m.25 views

Crlf injection

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to...

5.8CVSS6.4AI score0.01129EPSS
Exploits1References4Affected Software2
CVE
CVE
added 2022/01/14 7:11 p.m.92 views

CVE-2022-0130

CVE-2022-0130 affects Tenable.sc 5.14.0–5.19.1, enabling remote code execution when an attacker can stage a specific file type in the web server root prior to exploitation. Red Hat and third-party advisories corroborate the RCE vector and affected range. Impact is high (per CVSS 3.1: Network, Pri...

8.1CVSS8.5AI score0.01613EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder