git-lfs: Git LFS may write to arbitrary files via crafted symlinks

A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...

CLSA-2026-1768223578 git: Fix of CVE-2024-32021

CVE-2024-32021: fix symlink bypass, abort when hardlinked source and target file differ...

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

CLSA-2026-1768210963 git: Fix of 2 CVEs

CVE-2025-52005: add sideband.allowControlCharacters config which gives a possibility to avoid control characters in sideband - CVE-2024-52006: fix newline confusion in credential helpers that can lead to credential exfiltration...

Remote Code Execution (RCE)

n8n is vulnerable to Remote Code Execution. The vulnerability is due to unsafe execution of Git pre-commit hooks, where cloning a repository containing a malicious hook and later performing a commit via the Git Node can trigger arbitrary command execution within the n8n environment...

Remote Code Execution (RCE)

n8n is vulnerable to Remote Code Execution. The vulnerability is due to insufficient restriction of Git configuration values, where workflows using the Git node can set core.hooksPath to a malicious location, causing arbitrary commands to execute on the n8n host via crafted Git hooks during...

CVE-2021-28955

git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations most often seen on Windows...

CVE-2021-28373

The authinternal plugin in Tiny Tiny RSS aka tt-rss before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...

CVE-2021-31863

Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process...

CVE-2022-37010

In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed...

CVE-2020-7619

get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data...

CVE-2020-7630

git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument...

CVE-2023-4189

Cross-site Scripting XSS - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git...

CVE-2023-4650

Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git...

CVE-2023-4878

Server-Side Request Forgery SSRF in GitHub repository instantsoft/icms2 prior to 2.16.1-git...

CVE-2021-22237

Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2...

CVE-2023-29012

Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed doskey.exe would be executed silently upon running Git CMD. The problem ha...

CVE-2023-4704

External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git...