30 matches found
EUVD-2024-30287
Malicious code in bioql PyPI...
EUVD-2025-0069
Malicious code in bioql PyPI...
CVE-2024-32478
Git Credential Manager GCM is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0...
CVE-2020-26233
Git Credential Manager Core GCM Core is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and...
CVE-2024-50338
Git Credential Manager GCM is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...
Interpretation Conflict
Overview Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of newline characters in remote URLs. An attacker can capture credentials for another Git remote by crafting a malicious URL that manipulates newline interpretations between Git and the G...
GHSA-86C2-4X57-WC8G Git Credential Manager carriage-return character in remote URL allows malicious repository to leak credentials
Description The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the use of the NUL \0 character and newlines to form part of the keys^1 or values. When Git reads from...
Git Credential Manager carriage-return character in remote URL allows malicious repository to leak credentials
Description The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the use of the NUL \0 character and newlines to form part of the keys^1 or values. When Git reads from...
CVE-2024-50338
Git Credential Manager GCM is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...
CVE-2024-50338 Carriage-return character in remote URL allows malicious repository to leak credentials in Git Credential Manager
Git Credential Manager GCM is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...
CVE-2024-50338 Carriage-return character in remote URL allows malicious repository to leak credentials in Git Credential Manager
Git Credential Manager GCM is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...
CVE-2024-50338
Git Credential Manager (GCM) on Windows/macOS/Linux is affected by CVE-2024-50338 due to a newline handling mismatch with Git. GCM’s ReadLineAsync accepts LF, CRLF, and CR, while Git’s credential parsing forbids an isolated CR, enabling an attacker to craft a malicious remote URL (for example, ht...
CVE-2024-50338 Carriage-return character in remote URL allows malicious repository to leak credentials in Git Credential Manager
Git Credential Manager GCM is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...
GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
...
PT-2025-2873 · Unknown +1 · Git For Windows +2
Name of the Vulnerable Software and Affected Versions: Git Credential Manager versions prior to 2.6.1 Git for Windows versions prior to 2.47.1.2 Description: The issue arises from a mismatch in newline character treatment between Git and Git Credential Manager GCM. GCM considers LF, CRLF, and CR ...
Git Credential Manager 信息泄露漏洞
Git Credential Manager GCM is a secure Git credential assistant open-sourced by Git Ecosystem. An information disclosure vulnerability exists in Git Credential Manager. An attacker could exploit this vulnerability to capture the credentials of another Git remote. The following products and versio...
CVE-2024-32478
Git Credential Manager GCM is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0...
CVE-2024-32478 Git Credential Manager (GCM)'s Debian package does not set root ownership on installed files
Git Credential Manager GCM is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0...
CVE-2024-32478 Git Credential Manager (GCM)'s Debian package does not set root ownership on installed files
Git Credential Manager GCM is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0...
CVE-2024-32478
The CVE-2024-32478 entry refers to Git Credential Manager (GCM). Affected component: Debian package of GCM prior to version 2.5.0. Root-ownership not set on installed files, enabling a local multi-user attacker to replace the binary and potentially escalate privileges. Impact is described as priv...