47 matches found
CVE-2026-50014
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected...
CVE-2026-50014 pnpm: Git Fetch Argument Injection via Lockfile resolution.commit
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected...
CVE-2026-50014
Affected software : pnpm (package manager). Vulnerability context : Prior to versions 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a separator or commit-format validation. In shallow-fetch paths, a malicious lockfile can replace the expe...
K000160934: Multiple Go vulnerabilities
Security Advisory Description CVE-2023-45285 Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This onl...
EUVD-2022-1593
Malicious code in bioql PyPI...
CVE-2022-30781
Gitea before 1.16.7 does not escape git fetch remote...
BIT-GITEA-2022-30781
Gitea before 1.16.7 does not escape git fetch remote...
Gitea Git Fetch Remote Code Execution
This module exploits Git fetch command in Gitea repository migration process that leads to a remote command execution on the system. This vulnerability affect Gitea before 1.16.7 version. Module Options msf use exploit/multi/http/giteagitfetchrce msf exploitgiteagitfetchrce show targets...
Gitea Git Fetch Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea repository migration process that lead...
Gitea 1.16.6 Remote Code Execution
Exploit Title: Gitea Git Fetch Remote Code Execution Date: 09/14/2022 Exploit Author: samguy Vendor Homepage: https://gitea.io Software Link: https://dl.gitea.io/gitea/1.16.6 Version: 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea...
Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)
Exploit Title: Gitea Git Fetch Remote Code Execution Date: 09/14/2022 Exploit Author: samguy Vendor Homepage: https://gitea.io Software Link: https://dl.gitea.io/gitea/1.16.6 Version: 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea...
Shell command injection in gitea
Gitea before 1.16.7 does not escape the shell out for git fetch remote allowing for shell command injection...
GHSA-P5F9-C9J9-G8QX Shell command injection in gitea
Gitea before 1.16.7 does not escape the shell out for git fetch remote allowing for shell command injection...
CVE-2022-30781
Gitea before 1.16.7 does not escape git fetch remote...
CVE-2022-30781
Gitea before 1.16.7 does not escape git fetch remote...
Design/Logic Flaw
Gitea before 1.16.7 does not escape git fetch remote...
CVE-2022-30781
Gitea before 1.16.7 does not escape git fetch remote...
CVE-2022-30781
Gitea before 1.16.7 does not escape git fetch remote...
CVE-2022-30781
CVE-2022-30781 affects Gitea prior to 1.16.7. The issue arises from improper escaping in the git fetch remote during repository migration, enabling remote command execution. Public details confirm a Git fetch remote code path as the root cause and that versions before 1.16.7 are vulnerable; mitig...
GHSA-5875-M6JQ-VF78 Command injection in workspace-tools
The package workspace-tools before 0.18.4 is vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranchremote: string, remoteBranch: string, cwd: string function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that...