25 matches found
CVE-2026-4660
CVE-2026-4660 affects HashiCorp go-getter up to v1.8.5, where a crafted URL during certain git operations can cause arbitrary filesystem reads. The issue is fixed in go-getter v1.8.6; the v2 branch/package is unaffected. If you use go-getter, upgrade to v1.8.6 or later. The provided sources do no...
CVE-2026-4660 Go-getter may allow to arbitrary filesystem reads through git operations
HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...
EUVD-2023-2859
Malicious code in bioql PyPI...
EUVD-2025-19585
Malicious code in bioql PyPI...
CVE-2025-49520
A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift...
CVE-2025-49520
A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift...
Denial Of Service (DoS)
github.com/stacklok/minder is vulnerable to Denial Of Service DoS. The vulnerability is due to a lack of input validation within the Clone method when handling Git URLs provided by Minder users. The vulnerability allows Minder users to clone large repositories without enforcing size limits, leadi...
CVE-2023-46402
A flaw was found in the git-urls package. This issue occurs when a long input is provided inside the directory path of the git url. This could lead to loading delays or a regular expression denial of service...
Inefficient Regular Expression Complexity in git-urls
git-urls version 1.0.1 is vulnerable to ReDOS Regular Expression Denial of Service in Go package...
GHSA-3F2Q-6294-FMQ5 Inefficient Regular Expression Complexity in git-urls
git-urls version 1.0.1 is vulnerable to ReDOS Regular Expression Denial of Service in Go package...
CVE-2023-46402
git-urls 1.0.0 allows ReDOS Regular Expression Denial of Service in urls.go...
CVE-2023-46402
git-urls 1.0.0 allows ReDOS Regular Expression Denial of Service in urls.go...
CVE-2023-46402
git-urls 1.0.0 allows ReDOS Regular Expression Denial of Service in urls.go...
Code injection
git-urls 1.0.0 allows ReDOS Regular Expression Denial of Service in urls.go...
git-urls Security Vulnerabilities
git-urls is a Go library from Will Maier's personal developer. It is used to parse Git URLs. A security vulnerability exists in git-urls version 1.0.1. An attacker could exploit this vulnerability to conduct a regular expression denial of service attack...
PT-2023-30003 · Git-Urls · Git-Urls
Name of the Vulnerable Software and Affected Versions: git-urls version 1.0.1 git-urls version 1.0.0 Description: The issue is related to ReDOS Regular Expression Denial of Service in the Go package. This can cause a denial of service in the urls.go file. Recommendations: For git-urls version...
CVE-2023-46402
git-urls 1.0.0 allows ReDOS Regular Expression Denial of Service in urls.go...
CVE-2023-46402
Git-URLs 1.0.0 is vulnerable to a Regular Expression Denial of Service (ReDOS) in urls.go. Connected Fedora advisories confirm a bugfix mitigating CVE-2023-46402, e.g., updating to golang-github-chainguard-dev-git-urls 1.0.2 for Fedora 41. No additional exploit details are provided in the connect...
CVE-2023-26054 Credentials inlined to Git URLs could end up in provenance attestation in BuildKit
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...
Docker < 18.09.4 RCE Vulnerability
Docker is prone to a remote code execution RCE vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...