CVE-2026-31861

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, The /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed to childprocess.exec. The...

CVE-2026-31861 Shell Command Injection in Git Routes [CloudCLI UI]

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, The /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed to childprocess.exec. The...

CVE-2025-59041

Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with git config user.email. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. User...

CVE-2025-59041 Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email

Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with git config user.email. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. User...

Ubuntu 18.04 LTS / 20.04 LTS : Git regression (USN-5810-2)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5810-2 advisory. USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it was missing some commit lines. This update fixes the problem. Tenab...

Debian: Security Advisory (DLA-1120-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the CentOS operating system allows a malicious attacker to compromise the integrity of protected information.

The vulnerability of the git-email-1.7.1 package on the CentOS operating system can lead to a breach of protected information. Exploiting this vulnerability can be carried out remotely...

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the git-email package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the integrity of protected information.

The vulnerability of the git-email-1.7.1 package on the Red Hat Enterprise Linux operating system can lead to a breach of protected information. This vulnerability can be exploited remotely...

openSUSE Security Update : git (openSUSE-SU-2013:0380-1)

git imap-send was fixed to do SSL host verification. This can be disabled if necessary in the config file. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-170. The text descripti...

Debian Security Advisory DSA 1777-1 (git-core)

The remote host is missing an update to git-core announced via advisory DSA 1777-1. OpenVAS Vulnerability Test $Id: deb17771.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1777-1 git-core Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...