71 matches found
CVE-2023-44109
Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2023-44109
CVE-2023-44109 describes a clone vulnerability in the huks ta module affecting Huawei HarmonyOS environments. The vulnerability may compromise service confidentiality if exploited. The provided documents do not specify affected versions, exploit details, or a confirmed remediation/patch. Several ...
PT-2023-29105 · Unknown · Huks Ta Module
Name of the Vulnerable Software and Affected Versions: huks ta module affected versions not specified Description: The issue is related to a clone vulnerability in the huks ta module. Successful exploitation of this vulnerability may affect service confidentiality. Recommendations: At the moment,...
GHSA-PR76-5CM5-W9CJ GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom, making it vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerabili...
Git clone remote code execution vulnerability in git-for-windows
...
CVE-2022-41953 Git clone remote code execution vulnerability in git-for-windows
Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...
Simple Git 操作系统命令注入漏洞
Simple Git is a lightweight interface from Steve King Personal Developer in the UK. It is used to run Git commands in any Node.js application. An operating system command injection vulnerability exists in Simple Git versions prior to 3.15.0, which stems from vulnerability to Remote Code Execution...
Remote Code Execution (RCE)
Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Remote Code Execution RCE when enabling the ext transport protocol, which makes it exploitable via clone method. This vulnerability exists due t...
UBUNTU-CVE-2022-3283
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used ...
-llscw-react-cli (>=1.0.0 <=1.1.0-beta2), 002-node-cli (=1.0.0) +13395 more potentially affected by CVE-2022-25900 via git-clone (>=0.0.2 <=0.2.0)
git-clone NPM version =0.0.2, =1.0.0, =0.0.1, =1.0.0, =1.0.11 and more Source cves: CVE-2022-25900 Source advisory: OSV:GHSA-8JMW-WJR8-2X66...
CVE-2022-25900
All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...
PT-2022-17595
Name of the Vulnerable Software and Affected Versions: git-clone affected versions not specified Description: The git-clone package is susceptible to Command Injection due to insecure usage of the --upload-pack feature of git. This allows for potential malicious code execution. Credit for...
Missing Authorization
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Missing Authorization via the bugactiongroup.php process. An attacker, with rights to create new issues, can clone any private issue, including all bugnotes and attachments, by manipulating the...
CVE-2019-13226
deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/block-dev-basename in the Helper::temporaryMountDevice function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary...
CVE-2022-24066
The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...
-llscw-react-cli (>=1.0.0 <=1.1.0-beta2), 002-node-cli (=1.0.0) +13395 more potentially affected by CVE-2022-25900 via git-clone (>=0.0.2 <=0.2.0)
git-clone NPM version =0.0.2, =1.0.0, =0.0.1, =1.0.0, =1.0.11 and more Source cves: CVE-2022-25900 Source advisory: SNYK:JS-GITCLONE-2434308...
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Overview git-clone is a Clone a git repository Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' due to insecure usage of the --upload-pack feature of git. Note: A note was added to the README file of the package t...
In Docker before 18.09.4 an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs and results in command injection into the underlying "git clone" command leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag.
...
PT-2020-4343 · Teclib +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.1 Description: The issue is related to the Clone feature in the GLPI system, which is vulnerable due to incorrect neutralization of special elements used in SQL queries. This allows a remote attacker to execute...
SUSE-SU-2019:3311-1 Security update for git
This update for git fixes the following issues: Security issues fixed: - CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice bsc1158787. - CVE-2019-19604: Fixed a recursive clone...