73 matches found
CVE-2019-10776
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...
FreeBSD : Gitlab -- Multiple Vulnerabilities (b17c86b9-e52e-11e9-86e9-001b217b3468)
SO-AND-SO reports : XSS in Markdown Preview Using Mermaid Bypass Email Verification using Salesforce Authentication Account Takeover using SAML Uncontrolled Resource Consumption in Markdown using Mermaid Disclosure of Private Project Path and Labels Disclosure of Assignees via Milestones Disclosu...
Gitlab -- Multiple Vulnerabilities
The GitLab Team reports: XSS in Markdown Preview Using Mermaid Bypass Email Verification using Salesforce Authentication Account Takeover using SAML Uncontrolled Resource Consumption in Markdown using Mermaid Disclosure of Private Project Path and Labels Disclosure of Assignees via Milestones...
GitLab: Git flag injection - local file overwrite to remote code execution
Summary The wikiblobs scope of the Search API can be provided with an arbitrary ref parameter, allowing for additional flags to be injected into the git command. For example the following API call: curl --header "PRIVATE-TOKEN: $TOKEN"...
SUSE-SU-2018:4190-1 Security update for git
This update for git fixes the following issues: Security issue fixed: - CVE-2018-19486: Fixed git that executed commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the runcommand API and run-command.c, because there was bsc1117257...
Fedora 27 : fedpkg / rpkg (2017-9cac2b8b4a)
Update - Fixed chain-build - Remove hard dependency of bash-completion from fedpkg rpkg - Ignore TestModulesCli if openidc-client is unavailable cqi - Port mbs-build to rpkg mprahl - Add .vscode to .gitignore mprahl - Fix TestPatch.testrediff in order to run with old version of mock cqi - Allow t...
git: Command injection via malicious ssh URLs
A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimat...
Git: Command injection
Background Git is a small and fast distributed version control system designed to handle small and large projects. Description Specially crafted ‘ssh://...’ URLs may allow the owner of the repository to execute arbitrary commands on client’s machine if those commands are already installed on the...
git: Command injection via malicious ssh URLs
A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimat...
git: Command injection via malicious ssh URLs
A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimat...
Command injection
PyGIT.py in the Trac Git plugin trac-git before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command...
CVE-2010-0394
PyGIT.py in the Trac Git plugin trac-git before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command...
CVE-2010-0394
PyGIT.py in the Trac Git plugin trac-git before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command...