3096 matches found
ggit is vulnerable to Arbitrary Argument Injection via the clone() API
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...
GHSA-PR45-CG4X-FF4M ggit is vulnerable to Arbitrary Argument Injection via the clone() API
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...
CVE-2024-7206 Firmware extraction and Hardware SSL Pinning Bypass
SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware...
CVE-2024-21533
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...
CVE-2024-21533
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...
CVE-2024-21533
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...
CVE-2024-21533
GGIT is affected across all versions by Arbitrary Argument Injection via the clone() API. The root cause is failure to sanitize user input and validate URL schemes, plus improper handling of git command-line flags (using -- to end options). Public details include a PoC from Snyk and a GitHub gist...
CVE-2024-21533
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...
Command Injection
git-shallow-clone is vulnerable to Command injection. The vulnerability is due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function. which allows malicious inputs to be executed as system commands...
firefox: thunderbird: Potential memory corruption may occur when cloning certain objects
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: It is currently unknown if this issue is exploitable, but a condition may arise where the structured clone of certain objects could lead to memory corruption...
firefox: thunderbird: Potential memory corruption may occur when cloning certain objects
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: It is currently unknown if this issue is exploitable, but a condition may arise where the structured clone of certain objects could lead to memory corruption...
firefox: thunderbird: Potential memory corruption may occur when cloning certain objects
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: It is currently unknown if this issue is exploitable, but a condition may arise where the structured clone of certain objects could lead to memory corruption...
firefox: thunderbird: Potential memory corruption may occur when cloning certain objects
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: It is currently unknown if this issue is exploitable, but a condition may arise where the structured clone of certain objects could lead to memory corruption...
PT-2024-18947 · Ggit · Ggit
Name of the Vulnerable Software and Affected Versions: ggit versions all Description: The issue concerns Arbitrary Argument Injection via the clone API. This API allows specifying the remote URL to clone and the file on disk to clone to. However, the library fails to sanitize user input or valida...
PT-2024-38167
Name of the Vulnerable Software and Affected Versions: eWeLink affected versions not specified Description: A local attacker can decrypt TLS communication and extract secrets to clone the device via flashing modified firmware due to a missing SSL pinning implementation. Recommendations: At the...
CLSA-2024-1728056367 Fix CVE(s): CVE-2024-32465
SECURITY UPDATE: Bypass of protections in untrusted repositories - debian/patches/CVE-2024-32465.patch: Disable lazy-fetching by default in upload-pack to prevent arbitrary command execution during clone/fetch - CVE-2024-32465...
firefox: thunderbird: Potential memory corruption may occur when cloning certain objects
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: It is currently unknown if this issue is exploitable, but a condition may arise where the structured clone of certain objects could lead to memory corruption...
firefox: thunderbird: Potential memory corruption may occur when cloning certain objects
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: It is currently unknown if this issue is exploitable, but a condition may arise where the structured clone of certain objects could lead to memory corruption...
PT-2024-40274 · Saltcorn · Saltcorn
Name of the Vulnerable Software and Affected Versions: Saltcorn versions prior to the fixed version Description: The issue arises from the use of user-controlled data in the git clone command without proper validation, leading to a command injection vulnerability. This allows an attacker with adm...
UBUNTU-CVE-2024-9396
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox 131, Firefox ESR 128.3, Thunderbird 128.3, and Thunderbird 131...