crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

AZL-76662 CVE-2025-68121 affecting package golang for versions less than 1.25.6-1

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

simple-git 安全漏洞

simple-git is a lightweight interface for running git commands in any node.js application. A security vulnerability exists in simple-git prior to version 3.16.0, which stems from the clone, pull, push, and listRemote methods not being properly cleaned up and escaped...

CVE-2022-25912 Remote Code Execution (RCE)

The package simple-git before 3.15.0 are vulnerable to Remote Code Execution RCE when enabling the ext transport protocol, which makes it exploitable via clone method. This vulnerability exists due to an incomplete fix of CVE-2022-24066...

GHSA-9P95-FXVG-QGQ2 simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol

The package simple-git before 3.15.0 is vulnerable to Remote Code Execution RCE when enabling the ext transport protocol, which makes it exploitable via clone method. This vulnerability exists due to an incomplete fix of CVE-2022-24066...

simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol

The package simple-git before 3.15.0 is vulnerable to Remote Code Execution RCE when enabling the ext transport protocol, which makes it exploitable via clone method. This vulnerability exists due to an incomplete fix of CVE-2022-24066...

CVE-2022-25912

The package simple-git before 3.15.0 are vulnerable to Remote Code Execution RCE when enabling the ext transport protocol, which makes it exploitable via clone method. This vulnerability exists due to an incomplete fix of CVE-2022-24066...

Design/Logic Flaw

The package simple-git before 3.15.0 are vulnerable to Remote Code Execution RCE when enabling the ext transport protocol, which makes it exploitable via clone method. This vulnerability exists due to an incomplete fix of CVE-2022-24066...

PT-2022-17600

Name of the Vulnerable Software and Affected Versions simple-git versions prior to 3.15.0 Description The issue allows for Remote Code Execution RCE when the ext transport protocol is enabled, making it exploitable via the clone method. This is due to an incomplete fix of a previous issue...

GHSA-68P4-PJPF-XWCQ insert_slice_clone can double drop if Clone panics.

Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...

RUSTSEC-2021-0018 insert_slice_clone can double drop if Clone panics.

Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...