154 matches found

PyPA
added 2023/08/11 7:15 a.m., 6 views

PYSEC-2023-137

GitPython before 3.1.32 does not block insecure non-multi options in `clone` and `clone_from`. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

CVSS 9.8 | AI score 7.6 | EPSS 0.68859
Exploits 1 | References 2 | Affected Software 1
UbuntuCve
added 2023/08/11 12:00 a.m., 102 views

CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in `clone` and `clone_from`. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

CVSS 9.8 | AI score 7.1 | EPSS 0.00375
Exploits 0 | References 5
AlpineLinux
added 2023/08/11 12:00 a.m., 30 views

CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in `clone` and `clone_from`. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

CVSS 9.8 | AI score 9.2 | EPSS 0.68859
Exploits 1 | References 5
Cvelist
added 2023/08/11 12:00 a.m., 30 views

CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in `clone` and `clone_from`. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

AI score 9.8 | EPSS 0.00375
Exploits 0 | References 4
Vulnrichment
added 2023/08/11 12:00 a.m., 19 views

CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in `clone` and `clone_from`. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

AI score 6.9 | EPSS 0.00375
Exploits 0 | References 4
CVE
added 2023/06/07 12:00 a.m., 71 views

CVE-2023-2013

CVE-2023-2013 affects GitLab CE/EE with versions starting from 1.2 up to 15.10.8, versions from 15.11 up to 15.11.7, and 16.0 up to 16.0.2. The issue arises from a discrepancy between the web application display and the Git CLI, which can be abused to social engineer victims into cloning non-trus...

CVSS 4.3 | AI score 4.2 | EPSS 0.00225
Exploits 0 | References 3 | Affected Software 1
Huntr
added 2023/04/06 3:26 p.m., 24 views

Stored XSS via Markdown Comment

Description: Register one account on the blog; if the account was activated, it can comment. We can comment with markdown. When another user clicks on the comment there may be an XSS alert. I git cloned the project and built it with Docker. Latest commit is: 07a1ded08eb4e0c6979f6aeebc35f3864ba250a7 Proof ...

CVSS 4.9 | AI score 6.2 | EPSS 0.00299
Exploits 1 | References 2
SUSE CVE
added 2023/02/15 6:03 a.m., 2 views

SUSE CVE-2009-2848

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the `current->clear_child_tid` pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or...

CVSS 5.9 | AI score 6.8 | EPSS 0.00097
Exploits 2 | References 6
Microsoft CVE
added 2023/02/14 8:00 a.m., 126 views

GitHub: CVE-2022-41953 Git GUI Clone Remote Code Execution Vulnerability

...

CVSS 8.6 | AI score 7.7 | EPSS 0.00722
Exploits 0
Tenable Nessus
added 2023/02/10 12:00 a.m., 27 views

EulerOS 2.0 SP10 : git (EulerOS-SA-2023-1356)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and...

CVSS 8.8 | AI score 7.4 | EPSS 0.02579
Exploits 1 | References 3
Veracode
added 2023/02/08 9:25 a.m., 15 views

Remote Code Execution (RCE)

simple-git is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to improper sanitization of the clone, pull, push and listRemote methods which allows an attacker to execute arbitrary code...

CVSS 9.8 | AI score 9.7 | EPSS 0.34733
Exploits 1 | References 5 | Affected Software 1
Fedora
added 2023/01/29 1:35 a.m., 29 views

[SECURITY] Fedora 37 Update: rust-bat-0.21.0-6.fc37

Cat(1) clone with wings...

CVSS 7.8 | AI score 8 | EPSS 0.00149
Exploits 0
NVD
added 2023/01/17 10:15 p.m., 27 views

CVE-2022-41953

Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...

CVSS 8.6 | AI score 8.3 | EPSS 0.00722
Exploits 0 | References 4
OSV
added 2023/01/17 10:15 p.m., 4 views

AZL-13025 CVE-2022-41953 affecting package git for versions less than 2.33.8-2

Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...

CVSS 7.8 | AI score 7.1 | EPSS 0.00722
Exploits 0 | References 1
UbuntuCve
added 2022/10/18 5:00 p.m., 41 views

CVE-2022-39253

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone where the source and target of the clone...

CVSS 5.5 | AI score 6.6 | EPSS 0.02579
Exploits 1 | References 4
Veracode
added 2022/09/30 7:47 a.m., 18 views

Prototype Pollution

@hapi/hoek is vulnerable to prototype pollution. The function `internals.clone` allows an attacker to get control of the value of “path” and modify attributes such as `__proto__`, `constructor` and `prototype`...

CVSS 8.1 | AI score 7.9 | EPSS 0.01047
Exploits 0 | References 2 | Affected Software 1
hivepro
added 2022/09/26 6:35 a.m., 52 views

Zero-Day vulnerability in WPGateway Plugin compromises WordPress sites

Summary: The recently uncovered CVE-2022-3180 zero-day vulnerability allows an unauthenticated attacker to add an administrator account to WPGateway-powered websites. WPGateway is a commercial plugin that...

AI score 3.7 | EPSS 0.23516
Exploits 2
OSV
added 2022/06/16 11:42 p.m., 8 views

GHSA-5J8W-R7G8-5472 Arrow2 allows double free in `safe` code

The struct `Ffi_ArrowArray` implements `#derive(Clone)` that is inconsistent with its custom implementation of `Drop`, resulting in a double free when cloned. Cloning this struct in `safe` results in a segmentation fault, which is unsound. This derive was removed from this struct. All users are advised to...

AI score 7.1
Exploits 0 | References 3
Github Security Blog
added 2022/06/16 11:42 p.m., 11 views

Arrow2 allows double free in `safe` code

The struct `Ffi_ArrowArray` implements `#derive(Clone)` that is inconsistent with its custom implementation of `Drop`, resulting in a double free when cloned. Cloning this struct in `safe` results in a segmentation fault, which is unsound. This derive was removed from this struct. All users are advised to...

AI score 3.3
Exploits 0 | References 3 | Affected Software 1
Github Security Blog
added 2022/05/14 2:08 a.m., 22 views

Mercurial arbitrary code execution vulnerability

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records...

CVSS 8.8 | AI score 8.2 | EPSS 0.05192
Exploits 0 | References 15 | Affected Software 1