67 matches found
CVE-2026-28406
kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A ta...
EUVD-2026-9077
kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A ta...
CVE-2026-28406
CVE-2026-28406 affects kaniko up to 1.25.10. During tar extraction, build context archives were unpacked with filepath.Join(dest, cleanedName) without ensuring the final path stays inside dest, allowing a tar entry like ../outside.txt to escape the extraction root and write files outside the dest...
CLSA-2026-1768587600 git: Fix of 2 CVEs
CVE-2025-52005: add sideband.allowControlCharacters config which gives a possibility to avoid control characters in sideband - CVE-2024-52006: fix newline confusion in credential helpers that can lead to credential exfiltration...
USN-7964-1 git vulnerabilities
It was discovered that Git did not properly sanitize URLs when asking for credentials via a terminal prompt. An attacker could possibly use this issue to trick a user into disclosing their password. (CVE-2024-50349) It was discovered that Git did not properly handle carriage return characters in it...
CLSA-2026-1768225263 Fix CVE(s): CVE-2024-52006
SECURITY UPDATE: Carriage Return characters in credential protocol - debian/patches/CVE-2024-52006.patch: fix to disallow Carriage Return characters in the credential protocol by default to prevent vulnerabilities when credential helpers interpret bare Carriage Returns as newlines - CVE-2024-5200...
CLSA-2026-1768210963 git: Fix of 2 CVEs
CVE-2025-52005: add sideband.allowControlCharacters config which gives a possibility to avoid control characters in sideband - CVE-2024-52006: fix newline confusion in credential helpers that can lead to credential exfiltration...
AlmaLinux 10 : git (ALSA-2025:11533)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11533 advisory. git: Git does not sanitize URLs when asking for credentials interactively (CVE-2024-50349) git: Newline confusion in credential helpers can lead to...
EUVD-2019-2060
Malware in sbrugna...
EUVD-2020-3400
Malware in sbrugna...
git security update
An update is available for git. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Git is a distributed revision control system with a decentralized architecture. A...
CLSA-2025-1754940005 git: Fix of CVE-2024-52006
CVE-2024-52006: fix newline confusion in credential helpers that can lead to credential exfiltration...
CLSA-2025-1754939766 git: Fix of CVE-2024-52006
CVE-2024-52006: fix newline confusion in credential helpers that can lead to credential exfiltration...
CLSA-2025-1754648780 git: Fix of CVE-2024-52006
CVE-2024-52006: fix newline confusion in credential helpers that can lead to credential exfiltration...
git: Newline confusion in credential helpers can lead to credential exfiltration in git
A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260...
git: Newline confusion in credential helpers can lead to credential exfiltration in git
A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260...
git: Newline confusion in credential helpers can lead to credential exfiltration in git
A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260...
SUSE-RU-2025:20362-1 Recommended update for git
This update for git fixes the following issues: - CVE-2024-50349: passwords for trusted sites could be sent to untrusted sites bsc1235600 - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers bsc1235601...
SUSE-SU-2025:20197-1 Security update for git
This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites bsc1235600. - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers bsc1235601...
Security update for git
This update for git fixes the following issues: CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites bsc1235600. CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers bsc1235601. Patch Instructions: To install this SUSE update use the SUSE...