Lucene search
K

107 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-25261

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.01417EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-2874

Malicious code in bioql PyPI...

2.5CVSS6.3AI score0.00244EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2833

Malicious code in bioql PyPI...

6CVSS6.2AI score0.00257EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-2406

Malicious code in bioql PyPI...

8.8CVSS8.1AI score0.01884EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-5932

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.01966EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/07/28 1:24 a.m.53 views

git: Git arbitrary code execution

A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return CR are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...

8CVSS5.7AI score0.02775EPSS
Exploits9References8
RedhatCVE
RedhatCVE
added 2025/05/22 9:18 p.m.5 views

CVE-2021-32546

Missing input validation in internal/db/repoeditor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker registered user can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain a...

8.8CVSS7.3AI score0.01966EPSS
Exploits0References1
Snyk
Snyk
added 2025/03/12 7:42 p.m.5 views

Prototype Pollution

Overview org.webjars.npm:parse-git-config is a Parse .git/config into a JavaScript object. sync or async. Affected versions of this package are vulnerable to Prototype Pollution via the expandKeys function. An attacker can obtain sensitive information by exploiting the improper handling of key...

7.5CVSS8.1AI score0.00437EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-4759

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git...

8.8CVSS7.4AI score0.01884EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/29 12:0 a.m.4 views

Backstage 代码问题漏洞

Backstage is a Backstage open source application. Backstage is an open platform for building developer portals. Backstage has a code issue vulnerability that stems from the ability to perform Git configuration injection using server-side template injection, allowing an attacker to capture...

5.4CVSS7.1AI score0.00368EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/10/18 12:0 a.m.6 views

The vulnerability of the Red Hat OpenShift Container Platform corporate platform, related to insecure privilege management, allows a perpetrator to elevate their privileges and execute arbitrary commands.

The vulnerability of the Red Hat OpenShift Container Platform is related to insecure management of privileges. Exploiting this vulnerability allows a malicious actor to increase their privileges and execute arbitrary commands using a specially created .gitconfig file during cloning processes...

9.9CVSS8.1AI score0.00894EPSS
Exploits1References10Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/15 4:27 p.m.2 views

Malicious code in maliciouspackage (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d0e8a8d581266436f0546b5039ee82ab734d45f8489e281322dd871124dad9ce Clearly a demo malicious package, attempting to exfiltrate a token from the git config --- Category: PROBABLYPENTEST - Packages looking like typical pentest...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/09/06 7:55 p.m.20 views

GHSA-M8RP-VV92-46C7 gix-path improperly resolves configuration path reported by Git

Summary gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or non-ASCII characters, in rare cases enabling a local attacker to inject configuration leading to code execution. Details In gixpath::env, th...

6CVSS6.9AI score0.00257EPSS
Exploits0References6
OSV
OSV
added 2024/09/06 12:0 p.m.26 views

RUSTSEC-2024-0371 gix-path improperly resolves configuration path reported by Git

Summary gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or non-ASCII characters, in rare cases enabling a local attacker to inject configuration leading to code execution. Details In gixpath::env, th...

6CVSS6.9AI score0.00257EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2024/07/29 10:0 a.m.334 views

Exploit for Unrestricted Upload of File with Dangerous Type in Git

PoC exploit for CVE-2024-32002, a remote code execution vulnerab...

9CVSS8.5AI score0.25334EPSS
Exploits32
Veracode
Veracode
added 2024/06/26 6:23 a.m.46 views

Command Injection

github.com/hashicorp/go-getter is vulnerable to Command Injection. The vulnerability is caused by improper handling of arguments in Git operations within getgit.go. This allows attackers to manipulate the Git configuration and execute arbitrary code...

8.4CVSS7.2AI score0.00973EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2024/06/25 7:21 p.m.23 views

CVE-2024-6257

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...

7.7CVSS7.7AI score0.00973EPSS
Exploits0References3
OSV
OSV
added 2024/06/25 6:31 p.m.19 views

GHSA-XFHP-JF8P-MH5W HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. When go-getter is performing a Git operation, go-getter will try to clone the given repository in a specified destination...

8.4CVSS8AI score0.00973EPSS
Exploits0References5
OSV
OSV
added 2024/06/25 4:31 p.m.15 views

CVE-2024-6257 HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution...

8.4CVSS7.3AI score0.00973EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/05/17 12:0 a.m.17 views

GitLab 12.7.0 < 13.0.12 / 13.1 < 13.1.6 / 13.2 < 13.2.3 (CVE-2020-13286)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery. CVE-2020-13286 Note that Nessus has not tested for this...

6.4CVSS5.2AI score0.00745EPSS
Exploits0References4
Rows per page
Query Builder