@formicarium/tanajura (>=0.0.2 <=1.10.3), starbucket (>=0.9.1 <=1.1.1) +2 more potentially affected by unknown CVE via node-git-server (>=0.0.1 <=0.4.3)

node-git-server NPM version =0.0.1, =0.0.2, =0.9.1, =0.1.0, =0.3.1 Source cves: unknown CVE Source advisory: OSV:GHSA-CV3V-7846-6PXM...

Unauthorized File Access in node-git-server

Versions of node-git-server prior to 0.6.1 are vulnerable to Unauthorized File Access. It is possible to access any git repository by using absolute paths, which may allow attackers to access private repositories. Recommendation Upgrade to version 0.6.1 or later...

GHSA-CV3V-7846-6PXM Unauthorized File Access in node-git-server

Versions of node-git-server prior to 0.6.1 are vulnerable to Unauthorized File Access. It is possible to access any git repository by using absolute paths, which may allow attackers to access private repositories. Recommendation Upgrade to version 0.6.1 or later...

Unauthorized File Access

Overview Versions of node-git-server prior to 0.6.1 are vulnerable to Unauthorized File Access. It is possible to access any git repository by using absolute paths, which may allow attackers to access private repositories. Recommendation Upgrade to version 0.6.1 or later. References - GitHub PR -...

CVE-2019-11217

The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request...

Input validation

Improper handling of extra parameters in the AccountController User Profile edit in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions...

Design/Logic Flaw

The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request...

CVE-2019-11217

The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request...

CVE-2019-11218

Improper handling of extra parameters in the AccountController User Profile edit in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions...

CVE-2019-11218

CVE-2019-11218 affects Bonobo Git Server prior to 6.5.0, where improper handling of extra parameters in AccountController (User Profile edit) allows authenticated users to escalate privileges to application administrator. The issue is triggered by additional form parameters and is documented acro...

CVE-2019-11218

Improper handling of extra parameters in the AccountController User Profile edit in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions...

CVE-2019-11217

The CVE-2019-11217 issue affects Bonobo Git Server: GitController before 6.5.0 allows arbitrary command execution in the web server context via a crafted HTTP request. The root cause is exposed in the GitController handling, enabling an attacker to run commands with server privileges. Impact is h...

CVE-2019-11217

The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request...

GIT Input Validation Vulnerability

GIT is the American software developer Linus Torvalds Linus Torvalds developed a set of free, open source distributed version control system. client is one of the clients. An input validation vulnerability exists in Client in GIT 2.15.1 and earlier versions. A remote attacker could exploit this...

CVE-2018-1000021

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, or have their traffic modified in a...

CVE-2018-1000021

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, or have their traffic modified in a...

CVE-2018-1000021

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, or have their traffic modified in a...

CVE-2018-1000021

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, or have their traffic modified in a...

Fedora 25 : git (2017-66aa5d1d33)

These releases are about hardening git shell that is used on servers against an unsafe user input, which git cvsserver copes with poorly. From the release notes : - 'git cvsserver' no longer is invoked by 'git shell' by default, as it is old and largely unmaintained. - Various Perl scripts did no...

Amazon Linux: Security Advisory (ALAS-2016-672)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...