4 matches found
EUVD-2026-42273
repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...
CVE-2026-59703 repomix - Local File Inclusion via file:// URL Scheme in Git Clone Endpoint
repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...
PT-2021-23007 · Snipe-It · Snipe-It
Name of the Vulnerable Software and Affected Versions: snipe-it versions prior to 5.3.4 Description: The issue is related to Improper Access Control. Regular users with DENY set to all models permissions can still view model information via the "/models/id/clone" endpoint due to no authorize'view...
Improper Access Control in snipe/snipe-it
Description Regular users with DENY set to all models permissions can still view model information via the /models/id/clone endpoint due to no authorize'view' permission being set. Proof of Concept 1: Create regular user and set DENY to all permissions in asset models. 2: Login as the user 3:...