Astra Linux - уязвимость в git-lfs

Git LFS is an extension to Git for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository’s working tree with the contents of Git LFS objects, certain Git LFS commands might write to files that are visible outside the current Git working tree, if symboli...

Moderate: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

EUVD-2022-1652

Malicious code in bioql PyPI...

TencentOS Server 3: git-lfs (TSSA-2025:0109)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0109 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Alibaba Cloud Linux 3 : 0019: git-lfs (ALINUX3-SA-2025:0019)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0019 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-53263: Git LFS is a Git extension for...

Mageia: Security Advisory (MGASA-2025-0028)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-53263

A flaw was found in the Git LFS git extension. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters and then sends any credentials it receives back from the Gi...

Git LFS permits exfiltration of credentials via crafted HTTP URLs

Impact When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters, and then sends any credentials it receives back from the Git credential helper to the remote host...

KLA79449 OSI vulnerability in Git LFS

Information disclosure vulnerability was found in Git LFS. Malicious users can exploit this vulnerability via special crafted URL to obtain sensitive information. Original advisories Git LFS 3.6.1 Related products Git-LFS CVE list CVE-2024-53263 critical Solution Update to the latest version...

PT-2022-16905 · Github +1 · Git Lfs +1

Name of the Vulnerable Software and Affected Versions: Git LFS versions 2.12.1 through 3.1.2 Description: On Windows, if Git LFS operates on a malicious repository with a ..exe file as well as a file named git.exe, and git.exe is not found in PATH, the ..exe program will be executed, permitting t...