Lucene search
+L

62 matches found

osv
osv
added 2026/06/22 7:29 p.m.4 views

GO-2026-5058 HashiCorp's go-getter library may allow arbitrary file reads in github.com/hashicorp/go-getter

HashiCorp's go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

7.5CVSS5.9AI score0.00583EPSS
Exploits1References2
snyk
snyk
added 2026/06/01 10:29 a.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to insufficient validation of file paths in git-upload-pack, git-receive-pack, and related git operations. An attacker can access files and repositories outside the intended git server root directory by sending...

7.1CVSS6.2AI score0.00527EPSS
Exploits0References2
nvd
nvd
added 2026/06/01 9:16 a.m.19 views

CVE-2026-48827

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

7.1CVSS0.00527EPSS
Exploits0References2
debiancve
debiancve
added 2026/06/01 8:37 a.m.35 views

CVE-2026-48827

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

7.1CVSS5.8AI score0.00527EPSS
Exploits0
vulnrichment
vulnrichment
added 2026/06/01 8:37 a.m.12 views

CVE-2026-48827 Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

7.1CVSS5.8AI score0.00527EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/01 8:37 a.m.37 views

CVE-2026-48827 Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

7.1CVSS0.00527EPSS
Exploits0References1
euvd
euvd
added 2026/06/01 8:37 a.m.16 views

EUVD-2026-33606

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

7.1CVSS5.8AI score0.00527EPSS
Exploits0References1
osv
osv
added 2026/06/01 8:37 a.m.4 views

CVE-2026-48827 Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

7.1CVSS6AI score0.00527EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/01 12:0 a.m.18 views

PT-2026-45380

Name of the Vulnerable Software and Affected Versions Apache MINA SSHD versions prior to 2.18.0 Apache MINA SSHD versions 3.0.0-M1 through 3.0.0-M3 Description A path traversal issue exists in the org.apache.sshd:sshd-git bundle. Due to a lack of path validation in git-upload-pack,...

7.1CVSS5.8AI score0.00527EPSS
Exploits0References18
veracode
veracode
added 2026/05/16 5:24 a.m.5 views

Arbitrary File Read

go-getter is vulnerable to Arbitrary File Read. The vulnerability is due to improper validation of maliciously crafted Git URLs during certain Git operations, where specially crafted URLs can access unintended file system paths, allowing attackers to read arbitrary files on the host system...

7.5CVSS6.1AI score0.00583EPSS
Exploits1References7Affected Software1
nvd
nvd
added 2026/05/13 4:17 p.m.81 views

CVE-2026-45033

GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...

8.5CVSS0.0035EPSS
Exploits1References1
cvelist
cvelist
added 2026/05/13 3:45 p.m.51 views

CVE-2026-45033 GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor

GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...

8.5CVSS0.0035EPSS
Exploits1References1
osv
osv
added 2026/05/13 3:45 p.m.1 views

CVE-2026-45033 GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor

GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...

8.5CVSS6.5AI score0.0035EPSS
Exploits1References3
osv
osv
added 2026/05/11 4:16 p.m.10 views

GHSA-9CCR-R5HG-74GF GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor

Summary A security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent performs git operations. By exploiting git's automatic bare repository discovery during directory...

8.5CVSS6.3AI score0.0035EPSS
Exploits1References3
githubexploit
githubexploit
added 2026/05/07 1:19 a.m.117 views

Exploit for Prototype Pollution in N8N

GHSA-q5f4-99jv-pgg5 — n8n XML Webhook Prototype Pollution → RC...

9.4CVSS6AI score0.00851EPSS
Exploits1
cve
cve
added 2026/05/04 6:30 p.m.52 views

CVE-2026-42231

n8n (open source workflow automation platform) is affected by CVE-2026-42231 due to a prototype pollution flaw in the xml2js XML request body parser within the webhook handler. The vulnerability, exploitable by an authenticated user with permission to create or modify workflows, can be chained wi...

9.4CVSS6.4AI score0.00851EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2026/04/20 12:0 a.m.21 views

PT-2026-33872

OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification,...

4.4CVSS5.8AI score0.00124EPSS
Exploits0References4
ibm
ibm
added 2026/04/16 6:58 p.m.6 views

Security Bulletin: Go-getter may allow to arbitrary filesystem reads through git operations

Summary HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and...

7.5CVSS5.8AI score0.00583EPSS
Exploits1Affected Software1
mscve
mscve
added 2026/04/14 2:0 p.m.15 views

GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes

CVE-2026-32631 is regarding a vulnerability where it is possible to obtain a user's NTLM hash by tricking them into cloning a malicious repository, or checking out a malicious branch that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction...

7.4CVSS6.3AI score0.00316EPSS
Exploits0
redhatcve
redhatcve
added 2026/04/10 10:20 a.m.6 views

CVE-2026-4660

A flaw was found in the go-getter library. A remote attacker could exploit this vulnerability by providing a maliciously crafted URL during certain git operations. This could allow the attacker to perform arbitrary file reads on the file system, potentially leading to the disclosure of sensitive...

7.5CVSS5.9AI score0.00583EPSS
Exploits1References4
Rows per page
Query Builder