33 matches found
patchbot
patchbot patchbot is an AI-assisted security reviewer for p...
CVE-2026-33718
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to ...
PYSEC-2026-106
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to ...
CVE-2026-33718
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to ...
PYSEC-2026-106
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to ...
CVE-2026-33718
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to ...
CVE-2026-33718
OpenHands CVE-2026-33718 is a command-injection vulnerability disclosed across multiple feeds. It affects the get_git_diff() path in OpenHands 1.5.0 and earlier when the path parameter from the /api/conversations/{conversation_id}/git/diff endpoint is unsafely interpolated into a shell command (g...
CVE-2026-33718 OpenHands is Vulnerable to Command Injection through its Git Diff Handler
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to ...
CVE-2026-33718 OpenHands is Vulnerable to Command Injection through its Git Diff Handler
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to ...
CVE-2026-33718 OpenHands is Vulnerable to Command Injection through its Git Diff Handler
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to ...
OpenHands is Vulnerable to Command Injection through its Git Diff Handler
Summary A Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to a shell command, allowing authenticated attackers to execute arbitra...
GHSA-7H8W-HJ9J-8RJW OpenHands is Vulnerable to Command Injection through its Git Diff Handler
Summary A Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to a shell command, allowing authenticated attackers to execute arbitra...
Command Injection
Overview openhands-ai is an OpenHands: Code Less, Make More Affected versions of this package are vulnerable to Command Injection via the getgitdiff method. An attacker can execute arbitrary commands, read sensitive files, write arbitrary files, establish persistent access, or potentially escape...
PT-2026-28181
Name of the Vulnerable Software and Affected Versions OpenHands versions prior to 1.5.0 Description OpenHands is software for AI-driven development. A Command Injection vulnerability exists in the get git diff method at openhands/runtime/utils/git handler.py:134. The path parameter from the...
Arbitrary Argument Injection
Overview mcp-server-git is an A Model Context Protocol server providing tools to read, search, and manipulate Git repositories programmatically via LLMs Affected versions of this package are vulnerable to Arbitrary Argument Injection via the gitdiff and gitcheckout functions. An attacker can...
CVE-2025-68144
CVE-2025-68144 affects mcp-server-git. In versions prior to 2025.12.17, the git_diff and git_checkout functions forward user-controlled arguments directly to the git CLI without sanitization. This allows flag-like values (for example, --output=/path/to/file) to be interpreted as git options rathe...
Model Context Protocol Servers 参数注入漏洞
Model Context Protocol Servers is a large model context protocol server from Model Context Protocol open source. A parameter injection vulnerability exists in versions of Model Context Protocol Servers prior to 2025.12.17, which stems from the gitdiff and gitcheckout functions passing...
PT-2025-51937
Name of the Vulnerable Software and Affected Versions mcp-server-git versions prior to 2025.12.17 Description The git diff and git checkout functions in mcp-server-git did not properly sanitize user-supplied arguments before passing them to git CLI commands. Specifically, flag-like values, such a...
EUVD-2020-0294
Malware in sbrugna...
CVE-2019-10776
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...