18 matches found
Astra Linux - vulnerability in git-lfs
Git LFS is an extension to Git for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository’s working tree with the contents of Git LFS objects, certain Git LFS commands might write to files that are visible outside the current Git working tree, if symboli...
Moderate: Red Hat Security Advisory: ruby security update
An update for ruby is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
EUVD-2022-1652
Malicious code in bioql PyPI...
TencentOS Server 3: git-lfs (TSSA-2025:0109)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0109 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Alibaba Cloud Linux 3 : 0019: git-lfs (ALINUX3-SA-2025:0019)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0019 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-53263: Git LFS is a Git extension for...
CVE-2025-22870 affecting package git-lfs for versions less than 3.6.1-2
CVE-2025-22870 affecting package git-lfs for versions less than 3.6.1-2. A patched version of the package is available...
CVE-2025-22870 affecting package git-lfs for versions less than 3.5.1-5
CVE-2025-22870 affecting package git-lfs for versions less than 3.5.1-5. A patched version of the package is available...
CVE-2022-24826
On Windows, if Git LFS operates on a malicious repository with a ..exe file as well as a file named git.exe, and git.exe is not found in PATH, the ..exe program will be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. Similarly, if the malicious...
CVE-2023-39325 affecting package git-lfs for versions less than 3.6.1-1
CVE-2023-39325 affecting package git-lfs for versions less than 3.6.1-1. An upgraded version of the package is available that resolves this issue...
Mageia: Security Advisory (MGASA-2025-0028)
The remote host is missing an update for the...
RHEL 9 : git-lfs (RHSA-2025:0757)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:0757 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...
RHEL 8 : git-lfs (RHSA-2025:0762)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:0762 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...
CVE-2024-53263
A flaw was found in the Git LFS git extension. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential(1) command without checking for embedded line-ending control characters and then sends any credentials it receives back from the Gi...
Git LFS permits exfiltration of credentials via crafted HTTP URLs
Impact: When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential(1) command without checking for embedded line-ending control characters, and then sends any credentials it receives back from the Git credential helper to the remote host...
KLA79449 OSI vulnerability in Git LFS
An information disclosure vulnerability was found in Git LFS. Malicious users can exploit this vulnerability via a specially crafted URL to obtain sensitive information. Original advisories: Git LFS 3.6.1. Related products: Git-LFS. CVE list: CVE-2024-53263 (critical). Solution: Update to the latest version...
AlmaLinux 8 : git-lfs (ALSA-2024:7135)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:7135 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156). Tenable...
CVE-2022-24826 Git LFS can execute a binary from the current directory on Windows
On Windows, if Git LFS operates on a malicious repository with a ..exe file as well as a file named git.exe, and git.exe is not found in PATH, the ..exe program will be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. Similarly, if the malicious...
PT-2022-16905 · Github +1 · Git Lfs +1
Name of the Vulnerable Software and Affected Versions: Git LFS versions 2.12.1 through 3.1.2. Description: On Windows, if Git LFS operates on a malicious repository with a ..exe file as well as a file named git.exe, and git.exe is not found in PATH, the ..exe program will be executed, permitting t...