RHEL 8 : git-lfs (RHSA-2025:0845)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:0845 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...

Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs CVE-2024-53263 For mo...

Git LFS permits exfiltration of credentials via crafted HTTP URLs

Impact When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters, and then sends any credentials it receives back from the Git credential helper to the remote host...

CVE-2024-53263

Git LFS (Git Large File Storage) is affected by CVE-2024-53263. The vulnerability arises when Git LFS requests credentials from Git for a remote host and passes portions of the host URL to git-credential(1) without sanitizing embedded line-ending control characters. An attacker could insert URL-e...

CVE-2024-53263 Git LFS permits exfiltration of credentials via crafted HTTP URLs

Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters, and then sends any credentials it receives back fr...