107 matches found
EUVD-2022-25261
Malicious code in bioql PyPI...
EUVD-2024-2874
Malicious code in bioql PyPI...
EUVD-2024-2833
Malicious code in bioql PyPI...
EUVD-2023-2406
Malicious code in bioql PyPI...
EUVD-2022-5932
Malicious code in bioql PyPI...
git: Git arbitrary code execution
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return CR are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...
CVE-2021-32546
Missing input validation in internal/db/repoeditor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker registered user can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain a...
Prototype Pollution
Overview org.webjars.npm:parse-git-config is a Parse .git/config into a JavaScript object. sync or async. Affected versions of this package are vulnerable to Prototype Pollution via the expandKeys function. An attacker can obtain sensitive information by exploiting the improper handling of key...
Linux Distros Unpatched Vulnerability : CVE-2023-4759
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git...
Backstage 代码问题漏洞
Backstage is a Backstage open source application. Backstage is an open platform for building developer portals. Backstage has a code issue vulnerability that stems from the ability to perform Git configuration injection using server-side template injection, allowing an attacker to capture...
The vulnerability of the Red Hat OpenShift Container Platform corporate platform, related to insecure privilege management, allows a perpetrator to elevate their privileges and execute arbitrary commands.
The vulnerability of the Red Hat OpenShift Container Platform is related to insecure management of privileges. Exploiting this vulnerability allows a malicious actor to increase their privileges and execute arbitrary commands using a specially created .gitconfig file during cloning processes...
Malicious code in maliciouspackage (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d0e8a8d581266436f0546b5039ee82ab734d45f8489e281322dd871124dad9ce Clearly a demo malicious package, attempting to exfiltrate a token from the git config --- Category: PROBABLYPENTEST - Packages looking like typical pentest...
GHSA-M8RP-VV92-46C7 gix-path improperly resolves configuration path reported by Git
Summary gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or non-ASCII characters, in rare cases enabling a local attacker to inject configuration leading to code execution. Details In gixpath::env, th...
RUSTSEC-2024-0371 gix-path improperly resolves configuration path reported by Git
Summary gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or non-ASCII characters, in rare cases enabling a local attacker to inject configuration leading to code execution. Details In gixpath::env, th...
Exploit for Unrestricted Upload of File with Dangerous Type in Git
PoC exploit for CVE-2024-32002, a remote code execution vulnerab...
Command Injection
github.com/hashicorp/go-getter is vulnerable to Command Injection. The vulnerability is caused by improper handling of arguments in Git operations within getgit.go. This allows attackers to manipulate the Git configuration and execute arbitrary code...
CVE-2024-6257
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...
GHSA-XFHP-JF8P-MH5W HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. When go-getter is performing a Git operation, go-getter will try to clone the given repository in a specified destination...
CVE-2024-6257 HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...
GitLab 12.7.0 < 13.0.12 / 13.1 < 13.1.6 / 13.2 < 13.2.3 (CVE-2020-13286)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery. CVE-2020-13286 Note that Nessus has not tested for this...