Lucene search
+L

55 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-49987

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...

7.5CVSS0.00697EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-49987 Repomix: Command Injection (RCE) via `--remote-branch` Argument Injection

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...

7.5CVSS0.00697EPSS
Exploits0References3
OSV
OSV
added 3 days ago4 views

CVE-2026-49987 Repomix: Command Injection (RCE) via `--remote-branch` Argument Injection

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...

7.5CVSS6.2AI score0.00697EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/07/01 7:0 p.m.5 views

repomix Vulnerable to Command Injection (RCE) via `--remote-branch` Argument Injection

Vulnerability Metadata | Field | Detail | | --- | --- | | Affected Component | src/core/git/gitCommand.ts execGitShallowClone | | Impact | Arbitrary Command Execution / Security Control Bypass | Summary The --remote-branch CLI option in repomix is vulnerable to argument injection. User-supplied...

7.5CVSS6.2AI score0.00697EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-55215

Name of the Vulnerable Software and Affected Versions Repomix versions prior to 1.14.1 Description Repomix is vulnerable to argument injection via the --remote-branch CLI option. The application passes the value of the remoteBranch variable directly to git fetch and git checkout subprocesses with...

8.8CVSS6.3AI score0.00697EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/26 10:53 p.m.8 views

pnpm: Git Fetch Argument Injection via Lockfile resolution.commit

Summary pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected 40-character commit hash with a Git option such as...

7.3CVSS6AI score0.0018EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/06/25 6:16 p.m.11 views

CVE-2026-50014

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected...

7.3CVSS0.0018EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 4:51 p.m.35 views

CVE-2026-50014

Summary: CVE-2026-50014 affects pnpm prior to 10.34.0 and 11.4.0. The lockfile-controlled git resolution.commit value is passed to git fetch without a separator or commit-format validation, enabling a malicious lockfile to inject git options (notably --upload-pack) in shallow-fetch paths. This ca...

7.3CVSS5.9AI score0.0018EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 4:51 p.m.34 views

CVE-2026-50014 pnpm: Git Fetch Argument Injection via Lockfile resolution.commit

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected...

6.4CVSS0.0018EPSS
Exploits1References1
OSV
OSV
added 2026/06/25 4:51 p.m.5 views

CVE-2026-50014 pnpm: Git Fetch Argument Injection via Lockfile resolution.commit

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected...

6.4CVSS6AI score0.0018EPSS
Exploits1References3
OSV
OSV
added 2026/06/09 4:46 p.m.3 views

CVE-2026-49959 Hermes WebUI < 0.51.311 RCE via Git Configuration Injection

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

8.7CVSS6.8AI score0.00945EPSS
Exploits0References7
F5 Networks
F5 Networks
added 2026/04/21 8:21 p.m.16 views

K000160934: Multiple Go vulnerabilities

Security Advisory Description CVE-2023-45285 Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This onl...

8.6CVSS6.5AI score0.01137EPSS
Exploits1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-1593

Malicious code in bioql PyPI...

9.8CVSS8.6AI score0.04067EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 p.m.11 views

CVE-2022-30781

Gitea before 1.16.7 does not escape git fetch remote...

7.5CVSS6.8AI score0.87678EPSS
Exploits8References1
OSV
OSV
added 2024/03/06 10:52 a.m.32 views

BIT-GITEA-2022-30781

Gitea before 1.16.7 does not escape git fetch remote...

7.5CVSS7.5AI score0.87678EPSS
Exploits8References6
Metasploit
Metasploit
added 2022/11/17 7:50 p.m.495 views

Gitea Git Fetch Remote Code Execution

This module exploits Git fetch command in Gitea repository migration process that leads to a remote command execution on the system. This vulnerability affect Gitea before 1.16.7 version. Module Options msf use exploit/multi/http/giteagitfetchrce msf exploitgiteagitfetchrce show targets...

7.5CVSS7.3AI score0.87678EPSS
Exploits8
Packet Storm
Packet Storm
added 2022/11/17 12:0 a.m.311 views

Gitea Git Fetch Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea repository migration process that lead...

7.5CVSS0.1AI score0.87678EPSS
Exploits8
Exploit DB
Exploit DB
added 2022/09/15 12:0 a.m.385 views

Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)

Exploit Title: Gitea Git Fetch Remote Code Execution Date: 09/14/2022 Exploit Author: samguy Vendor Homepage: https://gitea.io Software Link: https://dl.gitea.io/gitea/1.16.6 Version: 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea...

7.5CVSS7.5AI score0.87678EPSS
Exploits8
Packet Storm
Packet Storm
added 2022/09/15 12:0 a.m.344 views

Gitea 1.16.6 Remote Code Execution

Exploit Title: Gitea Git Fetch Remote Code Execution Date: 09/14/2022 Exploit Author: samguy Vendor Homepage: https://gitea.io Software Link: https://dl.gitea.io/gitea/1.16.6 Version: 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea...

7.5CVSS0.3AI score0.87678EPSS
Exploits8
Github Security Blog
Github Security Blog
added 2022/05/17 12:1 a.m.80 views

Shell command injection in gitea

Gitea before 1.16.7 does not escape the shell out for git fetch remote allowing for shell command injection...

7.5CVSS8.1AI score0.87678EPSS
Exploits8References7Affected Software1
Rows per page
Query Builder