Grafana security vulnerability
Grafana is an open source set of monitoring tools that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. Grafana has a security vulnerability that stems from bundling build metadata...
BIT-GITLAB-2024-3958 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into...
CVE-2024-3958
CVE-2024-3958 : GitLab CE/EE contains a discrepancy between the Web UI display and the git CLI that can be abused to social engineer victims into cloning non-trusted code. Affected versions are all before 17.0.6, 17.1 before 17.1.4, and 17.2 before 17.2.2. Mitigation per linked sources: GitLab fi...
CVE-2024-3958 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into...
CVE-2024-3958
Removed by vendor...
GitLab < 17.0.6 / 17.1 < 17.1.4 / 17.2 < 17.2.2 (CVE-2024-3958)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between...
PT-2024-5509 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 17.0.6 GitLab CE/EE version 17.1 prior to 17.1.4 GitLab CE/EE version 17.2 prior to 17.2.2 Description: The issue allows someone to abuse a discrepancy between the Web application display and the git command lin...
CVE-2024-5023 Arbitrary File Read Vulnerability in ConsoleMe via Limited Git command RCE
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Netflix ConsoleMe allows Command Injection. This issue affects ConsoleMe: before 1.4.0...
Rocky Linux 8 : Satellite 6.12 Release (Important) (RLSA-2022:8506)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8506 advisory. - The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size use...
CVE-2023-40590
A flaw was found in GitPython on Windows. When resolving a program, Python on Windows looks in the current working directory first, followed by the PATH environment variable. GitPython defaults to using the git command, so if a user runs GitPython from a repository that contains a git.exe or git executable, that program will run instead of the one in...
CVE-2023-40590
GitPython is a Python library used to interact with Git repositories. When resolving a program, Python on Windows looks in the current working directory first, and after that the PATH environment variable. GitPython defaults to using the git command, so if a user runs GitPython from a repository that has a git.exe or git...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the fetchTagsbranch API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API. PoC...
UBUNTU-CVE-2023-2013
An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display a...
CVE-2023-2013
CVE-2023-2013 affects GitLab CE/EE with versions starting from 1.2 up to 15.10.8, versions from 15.11 up to 15.11.7, and 16.0 up to 16.0.2. The issue arises from a discrepancy between the web application display and the Git CLI, which can be abused to social engineer victims into cloning non-trus...
CVE-2023-2013
An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display a...
Exploit for Open Redirect in Git-Scm Git
CVE-2017-1000117, adapted from the AnonymKing/CVE-2017-1000117 repository on GitHub. Project overview + Reproduction of the CVE-2017-1000117 vulnerability (PoC+Exp) + Git 2.12.1 + SSH Vulnerability summary: + Vulnerability name: Git command injection vulnerability + CNNVD ID: CNNVD-201708-670 + Severity: Medium + CVE ID: CVE-2017-1000117 + Vulnerability type: Command injection + Published: 2017-08-16...
CVE-2022-42968
Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled...
AZL-10919 CVE-2022-36069 affecting package poetry 1.0.10-2
Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...
OS Command Injection in git-pull-or-clone
The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...