9928 matches found
[SECURITY] Fedora 42 Update: opam-2.5.1-1.fc42
Opam is a source-based package manager for OCaml. It supports multiple simultaneous compiler installations, flexible package constraints, and a Git-friendly development workflow...
Fedora 44 : composer (2026-1140c02041)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1140c02041 advisory. Version 2.9.7 - 2026-04-14 Fixes regression calling custom script command aliases that are called a substring of a composer command 12802 ---- Versi...
Simple Git 代码注入漏洞
Simple Git is a lightweight interface developed by Steve King from the UK. It is used to execute Git commands in any Node.js application. Versions of Simple Git prior to 3.36.0 had a code injection vulnerability, which was due to incomplete fixes for CVE-2022-25912. This vulnerability could allow...
Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution
Claude Code used the git worktree commondir file when determining folder trust but did not validate its contents. By crafting a repository with a commondir file pointing to a path the victim had previously trusted, an attacker could bypass the trust dialog and immediately execute malicious hooks...
GHSA-Q5HJ-MXQH-VV77 Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution
Claude Code used the git worktree commondir file when determining folder trust but did not validate its contents. By crafting a repository with a commondir file pointing to a path the victim had previously trusted, an attacker could bypass the trust dialog and immediately execute malicious hooks...
Duplicate Advisory: OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6p8r-6m93-557f. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and...
GHSA-WCM7-94WG-H74H Duplicate Advisory: OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6p8r-6m93-557f. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and...
EUVD-2026-25315
OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and AWSCONFIGFILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files ...
PT-2026-37099
Name of the Vulnerable Software and Affected Versions Claude Code versions 2.1.63 through 2.1.83 Description The folder trust determination logic fails to validate the contents of the git worktree commondir file. An attacker can craft a malicious repository with a commondir file pointing to a pat...
CVE-2026-41332
OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and AWSCONFIGFILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files ...
CVE-2026-41332 OpenClaw < 2026.3.28 - Code Execution via Missing Environment Variable Blocklist
OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and AWSCONFIGFILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files ...
CVE-2026-41332
OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and AWSCONFIGFILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files ...
CVE-2026-41332
OpenClaw before 2026.3.28 is vulnerable to a code execution path via an incomplete host-env blocklist: GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked. Exploitation can occur through approved exec requests that cause git or AWS CLI to behave based on attacker-controlled configuration files, ...
SUSE CVE-2026-40161
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL...
SUSE CVE-2026-40938
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation...
Fedora 42 : composer (2026-d91f313a63)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d91f313a63 advisory. Version 2.9.7 - 2026-04-14 Fixes regression calling custom script command aliases that are called a substring of a composer command 12802 ---- Versi...
PT-2026-34763
OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT TEMPLATE DIR and AWS CONFIG FILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration...
Active Debug Code
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Active Debug Code via the git.json.php file. An attacker can obtain sensitive information, including developer email addresses, deployed commit hashes, and commit...
RHSA-2026:9439 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
RHSA-2026:9436 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...