10 matches found
CVE-2026-52806
Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase before...
EUVD-2026-39001
Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...
PT-2026-48391
Name of the Vulnerable Software and Affected Versions Warp versions 0.2025.08.06.08.12.stable 00 through 0.2026.05.06.15.41.stable 01 Description A command injection exists in the prompt branch selector. An attacker who publishes a crafted branch name to a Git repository can execute arbitrary...
CVE-2026-27113
Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...
UBUNTU-CVE-2026-27113
Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...
PT-2026-21303
Name of the Vulnerable Software and Affected Versions Liquid Prompt affected versions not specified Description Liquid Prompt, an adaptive prompt for Bash and Zsh, contains a flaw where arbitrary command injection can lead to code execution. This occurs when a user enters a directory within a Git...
CVE-2021-22196
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name...
PT-2023-31945 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 16.4.3 GitLab versions 16.5 through 16.5.3 GitLab versions 16.6 through 16.6.1 Description: An issue has been discovered in GitLab that allows a malicious actor to bypass prohibited branch checks using a specially...
Ian Dunn: Double evaluation in .bash_prompt of dotfiles allows a malicious repository to execute arbitrary commands
Summary Due to the improper usage of the PS1 environment variable in .bashprompt of dotfiles, a malicious repository can execute arbitrary commands when changed the current directory to it. Description The PS1 environment variable of bash supports command substitutions. For example, setting PS1 t...
PT-2021-14907 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.4 and later Description: An issue has been discovered in GitLab CE/EE, where it was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name. Recommendations: For GitLa...