513 matches found
CVE-2021-21237
Summary (CVE-2021-21237): Git LFS on Windows is vulnerable to remote code execution when operating on a malicious repository that contains a git.bat or git.exe in the current directory. The Go runtime on Windows includes the current directory for command names without a directory separator, causi...
CVE-2021-21237
Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix...
RCE via git-lfs in Sourcetree for Windows - CVE-2020-27955
There was an argument injection vulnerability in SourceTree for Windows introduced through git-lfs. An attacker could create a malicious repository which, after being cloned in SourceTree for Windows and enabled with git-lfs, is able to exploit this issue to gain code execution on the system...
RCE via git-lfs in Sourcetree for Windows - CVE-2020-27955
There was an argument injection vulnerability in SourceTree for Windows introduced through git-lfs. An attacker could create a malicious repository which, after being cloned in SourceTree for Windows and enabled with git-lfs, is able to exploit this issue to gain code execution on the system...
Git LFS Remote Code Execution (CVE-2020-27955)
A remote code execution vulnerability exists in Git LFS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
git-lfs Remote Code Execution
/ Go PoC exploit for git-lfs - Remote Code Execution RCE vulnerability CVE-2020-27955 git-lfs-RCE-exploit-CVE-2020-27955.go Discovered by Dawid Golunski https://legalhackers.com https://exploitbox.io Affected RCE exploit: Git / GitHub CLI / GitHub Desktop / Visual Studio / GitKraken / SmartGit /...
CVE-2020-27955
Git LFS 2.12.0 allows Remote Code Execution...
CVE-2020-27955
Git LFS 2.12.0 allows Remote Code Execution...
CVE-2020-27955
Git LFS 2.12.0 allows Remote Code Execution...
Remote code execution
Git LFS 2.12.0 allows Remote Code Execution...
CVE-2020-27955
Git LFS 2.12.0 allows Remote Code Execution...
CVE-2020-27955
Git LFS 2.12.0 allows Remote Code Execution...
CVE-2020-27955
Git LFS 2.12.0 allows Remote Code Execution...
PT-2020-16878 · Github · Git +1
Name of the Vulnerable Software and Affected Versions: Git LFS versions 2.12.0 Git versions prior to 2.29.2 Description: The issue allows Remote Code Execution RCE on Windows systems when Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory. This occu...
git-lfs bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
git-lfs bug fix and enhancement update
An update is available for git-lfs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Enterprise...
ALEA-2020:4829 git-lfs bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
PhishingKitTracker - Let's Track Phishing Kits To Give To Research Community Raw Material To Stud
An extensible and freshly updated collection of phishingkits for forensics and future analysis topped with simple stats Disclaimer This repository holds a collection of Phishing Kits used by criminals to steal user information. Almost every file into the raw folder is malicious so I strongly...
Gitlab -- Arbitrary File read in GitLab project import with Git LFS
Gitlab reports: Arbitrary File read in GitLab project import with Git LFS...
Remote Command Execution (RCE)
github.com/git-lfs/git-lfs is vulnerable to remote code execution RCE attacks. The application does not sanitize ssh:// URLs passed to it, allowing a malicious user to execute arbitrary commands...