Lucene search
K

4 matches found

OSV
OSV
added 2026/05/05 7:16 p.m.5 views

GHSA-9857-6MW7-FQ2M gix-transport: HTTP credentials leaked to redirected host in curl backend

Summary The curl-based HTTP transport in gix-transport sends user credentials passwords, tokens to an attacker-controlled server after an HTTP redirect. When a server responds with a 302 redirect during the initial GET /info/refs, gitoxide records the redirected base URL and rewrites all subseque...

6.8CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/05 7:16 p.m.12 views

gix-transport: HTTP credentials leaked to redirected host in curl backend

Summary The curl-based HTTP transport in gix-transport sends user credentials passwords, tokens to an attacker-controlled server after an HTTP redirect. When a server responds with a 302 redirect during the initial GET /info/refs, gitoxide records the redirected base URL and rewrites all subseque...

5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2023/01/11 11:54 p.m.32 views

GHSA-M95X-M25C-W9MP XML-RPC for PHP allows access to local files via malicious argument to the Client::send method

Abusing the $method argument of Client::send, it was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url the one used in the Client constructor. This weakness only affects installations where all the following conditions appl...

7.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/01/11 12:0 a.m.3 views

PT-2023-33042 · Unknown · Xmlrpc Client

Name of the Vulnerable Software and Affected Versions: xmlrpc Client affected versions not specified Description: The issue allows an attacker to force the client to access local files or connect to undesired URLs instead of the intended target server's URL. This is possible by abusing the $metho...

6.7AI score
Exploits0References5
Rows per page
Query Builder