Lucene search
K

58 matches found

Snyk
Snyk
added 2026/02/25 9:54 p.m.2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the readWriteFile node in combination with git operations. An attacker can execute arbitrary commands on the host system by writing to specific configuration files and triggering a git operation. This is onl...

9CVSS6.2AI score0.00718EPSS
Exploits0References2
OSV
OSV
added 2026/02/25 9:54 p.m.5 views

GHSA-X2MW-7J39-93XQ n8n has Arbitrary Command Execution via File Write and Git Operations

Impact An authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration files and then triggering a git operation, the attacker could execute arbitrary she...

9CVSS6.5AI score0.00718EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/12/18 10:37 p.m.5 views

CVE-2025-68145

In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...

6.4CVSS6.7AI score0.06197EPSS
Exploits0References1
NVD
NVD
added 2025/12/17 11:16 p.m.6 views

CVE-2025-68145

In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...

9.1CVSS0.06197EPSS
Exploits0References1
OSV
OSV
added 2025/12/17 10:50 p.m.4 views

GHSA-J22H-9J4X-23W5 mcp-server-git has missing path validation when using --repository flag

In mcp-server-git versions prior to 2025.12.18, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...

6.4CVSS6.5AI score0.06197EPSS
Exploits0References3
Snyk
Snyk
added 2025/10/20 2:15 p.m.5 views

Unsafe Dependency Resolution

Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the core.fsmonitor configuration option in the .git/config file. An attacker can execute arbitrary code by convincing a user or tool to scan a specially crafted repository that contains a malicious...

8.4CVSS7.5AI score0.00282EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-9694

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00355EPSS
Exploits0References1
Veracode
Veracode
added 2024/06/26 6:23 a.m.45 views

Command Injection

github.com/hashicorp/go-getter is vulnerable to Command Injection. The vulnerability is caused by improper handling of arguments in Git operations within getgit.go. This allows attackers to manipulate the Git configuration and execute arbitrary code...

8.4CVSS7.2AI score0.00973EPSS
Exploits0References3Affected Software1
Akamai Blog
Akamai Blog
added 2024/03/01 10:20 a.m.3 views

Push vs. Pull-Based Architecture in GitOps

...

7AI score
Exploits0
CNNVD
CNNVD
added 2024/02/02 12:0 a.m.3 views

open-irs Information Disclosure Vulnerability

Degamisu open-irs is an issue response bot from Degamisu Japan for responding to issues in installed repositories. An information disclosure vulnerability exists in open-irs, which stems from the accidental upload of an .env file during a git operation...

9.8CVSS6.5AI score0.00527EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2023/03/24 11:6 a.m.4 views

GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations

Cloud-based repository hosting service GitHub said it took the step of replacing its RSA SSH host key used to secure Git operations "out of an abundance of caution" after it was briefly exposed in a public repository. The activity, which was carried out at 05:00 UTC on March 24, 2023, is said to...

6.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/01/28 12:0 a.m.36 views

Fedora 37 : rust-bat / rust-cargo-c / rust-exa / rust-git-delta / rust-gitui / etc (2023-e3c8abd37e)

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-e3c8abd37e advisory. This update contains rebuilds of all Rust applications against versions of the libgit2-sys crate that ship fixes for CVE-2022-24765 and CVE-2022-291...

7.8CVSS7.6AI score0.00782EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/22 12:0 a.m.5 views

Red Hat OpenShift 资源管理错误漏洞

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. Red Hat OpenShift GitOps 1.5 suffers from a resource management error vulnerability that stems from vulnerability to uncontrolled...

6.5CVSS6.4AI score0.0083EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/06/22 12:0 a.m.8 views

Red Hat OpenShift 后置链接漏洞

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. A security vulnerability exists in Red Hat OpenShift GitOps 1.5 that stems from vulnerability to symbolic links, which can be exploite...

4.3CVSS5.2AI score0.00821EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/08/04 12:0 a.m.9 views

GitLab 授权问题漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug list, and more. An authorization issue vulnerability exists in GitLab that...

6.6CVSS5.9AI score0.00844EPSS
Exploits0References4
HackRead
HackRead
added 2021/05/11 7:30 p.m.40 views

GitHub Will Now Support Security Keys for SSH Git Operations

By Deeba Ahmed To prevent account takeover in SSH Git operations, GitHub has now added support for security keys. This is a post from HackRead.com Read the original post: GitHub Will Now Support Security Keys for SSH Git Operations...

1AI score
Exploits0
OSV
OSV
added 2021/02/17 12:15 p.m.7 views

CVE-2021-22553

Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versio...

7.5CVSS7.1AI score0.00355EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2020/12/01 12:0 a.m.24 views

gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.13.0: Add Allow-/Block-List for Migrate and Mirrors Prevent git operations for inactive users Disallow urlencoded new lines in git protocol paths if there is a port Mitigate Security vulnerability in the git hook feature Disable DSA ssh keys by default Set TLS...

0.2AI score
Exploits0References1
Rows per page
Query Builder