GitPython: Insecure non-multi options in clone and clone_from is not blocked
An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution...
GitPython: improper user input validation leads into a RCE
A remote code execution vulnerability exists in Git-python. By injecting a malicious URL into the clone command, an attacker can exploit this vulnerability as the library makes external calls to git without any input sanitization. This issue leads to complete system compromise...
CVE-2023-44109
Clone vulnerability in the huks ta module. Successful exploitation of this vulnerability may affect service confidentiality...
Privilege escalation
Clone vulnerability in the huks ta module. Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2023-44109
CVE-2023-44109 describes a clone vulnerability in the huks ta module affecting Huawei HarmonyOS environments. The vulnerability may compromise service confidentiality if exploited. The provided documents do not specify affected versions, exploit details, or a confirmed remediation/patch. Several ...
PT-2023-29105 · Unknown · Huks Ta Module
Name of the Vulnerable Software and Affected Versions: huks ta module affected versions not specified Description: The issue is related to a clone vulnerability in the huks ta module. Successful exploitation of this vulnerability may affect service confidentiality. Recommendations: At the moment,...
GHSA-RRJW-J4M2-MF34 gix-transport code execution vulnerability
The gix-transport crate prior to the patched version 0.36.1 would allow attackers to use malicious ssh clone URLs to pass arbitrary arguments to the ssh program, leading to arbitrary code execution. PoC: gix clone 'ssh://-oProxyCommand=open$IFS-aCalculator/foo' This will launch a calculator on OS...
gix-transport code execution vulnerability
The gix-transport crate prior to the patched version 0.36.1 would allow attackers to use malicious ssh clone URLs to pass arbitrary arguments to the ssh program, leading to arbitrary code execution. PoC: gix clone 'ssh://-oProxyCommand=open$IFS-aCalculator/foo' This will launch a calculator on OS...
RUSTSEC-2023-0064 gix-transport code execution vulnerability
The gix-transport crate prior to the patched version 0.36.1 would allow attackers to use malicious ssh clone URLs to pass arbitrary arguments to the ssh program, leading to arbitrary code execution. PoC: gix clone 'ssh://-oProxyCommand=open$IFS-aCalculator/foo' This will launch a calculator on OS...
PT-2025-31032 · Unknown · Gix-Transport
Name of the Vulnerable Software and Affected Versions: gix-transport crate versions prior to 0.36.1 Description: The gix-transport crate contains a flaw that allows command execution through a crafted input string during a clone operation. Specifically, the vulnerability is triggered by the “gix...
CVE-2023-43237
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC...
Webmin Cross-Site Scripting Vulnerability
Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin version v2.100. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected...
kernel: seccomp: Move copy_seccomp() to no failure path
A memory leak flaw was found in the Linux kernel's seccomp subsystem. When a process using seccomp filters is interrupted by a fatal signal during clone, the seccomp_filter structure and associated BPF program memory are not properly freed. This occurs because copy_seccomp() is called before the...
UBUNTU-CVE-2023-4759
Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...
Eclipse JGit Security Vulnerability
Eclipse JGit is an open source Java implementation of the Eclipse Foundation for working with the Git version control system. A security vulnerability exists in Eclipse JGit 6.6.0 and earlier versions, which stems from the presence of symbolic links in specially crafted git repositories that can...
PT-2023-35994 · Apache · Apache Lucene
Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: A security exception crash has been reported. The crash involves the org.apache.lucene.util.BytesRefBuilder constructor, and the clone methods of...