
4 matches found

CVE
added 6 days ago, 17 views

CVE-2026-55448

CVE-2026-55448 is confirmed across multiple sources as a local command-execution vulnerability in the mise tool. An attacker who can place a repository-local .mise.toml can have mise load github.credential_command from local project config and execute its value via sh -c when resolving a GitHub t...

CVSS: 6.3 | AI score: 6 | EPSS: 0.00159
Exploits: 0 | References: 1
ATTACKERKB
added 6 days ago, 6 views

CVE-2026-55448

mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local project config before any trust decision, then executes that value with sh -c when resolving a GitHub token. An attacker who can place a .mise.toml in a...

CVSS: 6.3 | AI score: 6 | EPSS: 0.00159
Exploits: 0 | References: 2 | Affected Software: 1
Github Security Blog
added 2026/06/23 6:24 p.m., 12 views

Mise's local credential_command executes untrusted config

Summary: mise loads github.credential_command from local project config before any trust decision, then executes that value with sh -c when resolving a GitHub token. An attacker who can place a .mise.toml in a repository can execute arbitrary shell commands when the victim runs a GitHub-related mis...

CVSS: 6.3 | AI score: 6.3 | EPSS: 0.00159
Exploits: 0 | References: 2 | Affected Software: 1
Veracode
added 2025/01/17 6:37 a.m., 9 views

Credentials Exposure

github.com/git-lfs/git-lfs is vulnerable to Credential Exposure. The vulnerability is due to improper handling of URL-encoded control characters in Git LFS, which passes portions of a host's URL containing embedded line-ending control characters e.g., LF or CR to the git-credential command withou...

CVSS: 8.5 | AI score: 6.7 | EPSS: 0.0104
Exploits: 0 | References: 6 | Affected Software: 2