73 matches found
EulerOS 2.0 SP10 : git (EulerOS-SA-2022-1520)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as...
Github Git Operating System Command Injection Vulnerability
Github Git is a free, open source distributed version control system. An operating system command injection vulnerability exists in Github Git, which stems from the lack of cleanup functionality in the Git.git method, allowing the execution of operating system commands instead of just the git...
push-dir Enables OS Command Injection
push-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the variable opt.branch are not validated before being provided to the git command within index.js#L139. This could be abused by an attacker to inject arbitrary commands...
GHSA-926X-M6M5-3MMP push-dir Enables OS Command Injection
push-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the variable opt.branch are not validated before being provided to the git command within index.js#L139. This could be abused by an attacker to inject arbitrary commands...
ALPINE-CVE-2021-46101
In Git for Windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly...
CVE-2021-46101
In Git for Windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly...
CVE-2021-43809
Bundler is a package for managing application dependencies in Ruby. In bundler versions before 2.2.33, when working with untrusted and apparently harmless Gemfile's, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the Gemfile itself...
Command injection
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository to be accessible via a git command line...
CVE-2020-13316
CVE-2020-13316 affects GitLab versions before 13.1.10, 13.2.8, and 13.3.4. The root cause is that Deploy-Token validation was not performed, allowing access to a disabled repository via a git command line. The impact is exposure of otherwise inaccessible repositories, enabling an attacker with ne...
OS Command Injection
git-diff-apply is vulnerable to OS command injection. Lack of validation of untrusted input allows an attacker to inject arbitrary OS command via the affected parameter that is subsequently used in the diff function as a git command...
Code Injection in keymetrics/vizion
Overview: The issue is an RCE triggerable via the module. This is possible because in the https://github.com/keymetrics/vizion/blob/master/lib/git/git.js#L228 line, the git reset --hard command is concatenated with an unsanitized input: var command = cliCommand(args.folder, "git reset --hard " +...
CVE-2019-10803
push-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the variable "opt.branch" are not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands...
CVE-2019-10803
push-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the variable "opt.branch" are not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands...
Command injection
push-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the variable "opt.branch" are not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands...
CVE-2019-10803
push-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the variable "opt.branch" are not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands...
Command Injection
Overview: push-dir is a package to push the contents of a directory to a remote branch. Affected versions of this package are vulnerable to Command Injection. Arguments provided as part of the variable opt.branch are not validated before being provided to the git command within index.js#L139. This...
Command injection
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths...
CVE-2019-10776
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...
CVE-2019-10776
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...
Command injection
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...