511 matches found
Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Git LFS vulnerabilities (USN-7977-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7977-1 advisory. Ryota K discovered that Git LFS may leak login credentials in certain instances due to failing to check for...
Ubuntu: Security Advisory (USN-7977-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7977-1 git-lfs vulnerabilities
Ryota K discovered that Git LFS may leak login credentials in certain instances due to failing to check for URL-encoded characters. An attacker could possibly use this issue to learn sensitive information. CVE-2024-53263 It was discovered that Git LFS could have its git lfs checkout and git lfs...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper validation of repository ownership in the delete process for Git LFS locks. An attacker can remove LFS locks from repositories they do not own by leveraging write access to a...
CVE-2026-20897
Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories...
CVE-2026-20897 Gitea Git LFS Lock Deletion Broken Access Control (Cross-Repo IDOR)
Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories...
MiracleLinux 9 : git-lfs-3.4.1-4.el9_4 (AXSA:2024-8856:07)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8856:07 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...
MiracleLinux 8 : git-lfs-3.4.1-2.el8 (AXSA:2024-8248:04)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8248:04 advisory. golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 golang: net/http/cookiejar: incorrect forwarding of...
MiracleLinux 8 : git-lfs-2.13.3-3.el8 (AXSA:2022-3920:02)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3920:02 advisory. golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension CVE-2020-28851 golang.org/x/text: Panic in...
MiracleLinux 8 : git-lfs-3.4.1-3.el8_10 (AXSA:2024-8855:06)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8855:06 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...
MiracleLinux 8 : git-lfs-3.2.0-3.el8_9 (AXSA:2024-7734:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7734:01 advisory. golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288,VU421644.3 Tenable has extracted the preceding description...
MiracleLinux 9 : git-lfs-3.2.0-1.el9 (AXSA:2023-5844:01)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5844:01 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: net/http/httputil: ReverseProxy should not forward...
MiracleLinux 8 : git-lfs-3.2.0-2.el8 (AXSA:2023-5956:02)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5956:02 advisory. golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang: regexp/syntax: limit memory used by...
RHSA-2026:0465 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
MiracleLinux 9 : git-lfs-3.6.1-2.el9_6 (AXSA:2025-10545:05)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10545:05 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...
MiracleLinux 8 : git-lfs-3.4.1-4.el8_10 (AXSA:2025-9621:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9621:02 advisory. git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs CVE-2024-53263 Tenable has extracted the preceding description block directly from...
MiracleLinux 9 : git-lfs-3.4.1-4.el9_5 (AXSA:2025-9577:01)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9577:01 advisory. git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs CVE-2024-53263 Tenable has extracted the preceding description block directly from...
RHEL 8 : git-lfs (RHSA-2026:0459)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0459 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...
MiracleLinux 8 : git-lfs-3.4.1-5.el8_10 (AXSA:2025-10027:03)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10027:03 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...