71 matches found
CVE-2026-11572
Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec method by cloneWithGit and fetchRefs functions. An attacker can execute arbitrary operating syst...
CVE-2026-11572
Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec method by cloneWithGit and fetchRefs functions. An attacker can execute arbitrary operating syst...
CVE-2026-11572
The CVE-2026-11572 entry concerns the npm package degit. Affected versions are degit before 2.8.6, versions 3.0.0 to before 3.3.1, where user input used to construct git shell commands is directly passed to exec() in _cloneWithGit() and fetchRefs(). This improper sanitisation enables a remote att...
PT-2026-47686
Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec method by cloneWithGit and fetchRefs functions. An attacker can execute arbitrary operating syst...
Astra Linux - уязвимость в git
Git is an open-source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git’s push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits comman...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: git (UTSA-2025-986161)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986161 advisory. Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionali...
EUVD-2022-41771
Malicious code in bioql PyPI...
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
...
Linux Distros Unpatched Vulnerability : CVE-2017-8386
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x...
RHEL 6 / 7 : rh-git29-git (RHSA-2017:2491)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2491 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...
git: git shell function that splits command arguments can lead to arbitrary heap writes.
Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the...
EulerOS Virtualization 3.0.6.6 : git (EulerOS-SA-2023-2424)
According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes c...
git: git shell function that splits command arguments can lead to arbitrary heap writes.
Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the...
RHEL 9 : git (RHSA-2023:2319)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2319 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...
git: git shell function that splits command arguments can lead to arbitrary heap writes.
Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the...
SUSE CVE-2017-8386
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with...
SUSE CVE-2017-14867
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...
SUSE CVE-2022-39260
Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-1384)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP10 : git (EulerOS-SA-2023-1356)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and...