10098 matches found

GithubExploit
added 2025/09/09 4:57 a.m., 269 views

Exploit for Interpretation Conflict in Git-Scm Git

It is an offensive tool for scanning vulnerabilities. This PoC e...

CVSS 8, AI score 8.6, EPSS 0.00603
Exploits 9
CNNVD
added 2025/09/09 12:0 a.m., 2 views

interactive-git-checkout command injection vulnerability

interactive-git-checkout is a branch switching software by the individual developer Nino Filiu. A command injection vulnerability exists in interactive-git-checkout 1.1.4 and earlier versions, which stems from a failure to validate input or clean up branch names, which could lead to a command...

CVSS 9.8, AI score 7, EPSS 0.00528
Exploits 0, References 3
OSSF Malicious Packages
added 2025/09/06 11:22 a.m., 3 views

Malicious code in giteegit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4a26c5d911f4394086eca9dfca0dfb8b05cc0675bac36dfdbec08e30f6d1abed Package exfiltrates source code files to a telegram channel, while the description promises saving them to a git service --- Category: MALICIOUS - The campaign...

AI score 7.2
Exploits 0, References 1
OSV
added 2025/09/06 11:22 a.m., 3 views

MAL-2025-191739 Malicious code in giteegit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4a26c5d911f4394086eca9dfca0dfb8b05cc0675bac36dfdbec08e30f6d1abed Package exfiltrates source code files to a telegram channel, while the description promises saving them to a git service --- Category: MALICIOUS - The campaign...

AI score 7.1
Exploits 0, References 1
RedhatCVE
added 2025/09/05 3:22 p.m., 3 views

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

CVSS 4.3, AI score 6.8, EPSS 0.00106
Exploits 0, References 1
RedHat Linux
added 2025/09/04 5:5 p.m., 2 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.47 bug fix and security update

Red Hat OpenShift Container Platform release 4.16.47 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

CVSS 8.6, AI score 7.5, EPSS 0.00603
Exploits 12, References 6
NVD
added 2025/09/04 10:42 a.m., 6 views

CVE-2025-58355

Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0...

CVSS 7.7, EPSS 0.00116
Exploits 0, References 1
Microsoft CVE
added 2025/09/04 8:31 a.m., 3 views

Command 'go get' may unexpectedly fallback to insecure git in cmd/go

...

CVSS 7.5, AI score 9.3, EPSS 0.00055
Exploits 0
Microsoft CVE
added 2025/09/04 2:28 a.m., 4 views

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.

...

CVSS 9, AI score 7, EPSS 0.06534
Exploits 0
CNNVD
added 2025/09/04 12:0 a.m., 2 views

Soft Serve path traversal vulnerability

Soft Serve is a self-hostable command-line Git server from Charm Open Source. A path traversal vulnerability exists in Soft Serve 0.9.1 and earlier versions, which stems from an SSH API that allows an attacker to create or overwrite arbitrary files...

CVSS 7.7, AI score 6.5, EPSS 0.00116
Exploits 0, References 1
Microsoft CVE
added 2025/09/03 10:31 p.m., 2 views

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.

...

CVSS 6.5, AI score 7.7, EPSS 0.00275
Exploits 0
Microsoft CVE
added 2025/09/03 9:13 p.m., 5 views

The sideband payload is passed unfiltered to the terminal in git

...

CVSS 8.8, AI score 7, EPSS 0.00522
Exploits 1
OSV
added 2025/09/03 3:30 p.m., 4 views

GHSA-G2PQ-9JR7-W6GV Jenkins Git client Plugin file system information disclosure vulnerability

In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an...

CVSS 4.3, AI score 6.8, EPSS 0.00106
Exploits 0, References 5
vulnersOsv
added 2025/09/03 3:30 p.m., 3 views

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=29.v7c3891a_434c3 <=57.v0756db_b_f6926), br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1) +148 more potentially affected by CVE-2025-58458 via org.jenkins-ci.plugins:git-client (>=1.0.2 <=6.3.0)

org.jenkins-ci.plugins:git-client MAVEN version =1.0.2, =29.v7c3891a434c3, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.1.2 and more Source cves: CVE-2025-58458 Source advisory: OSV:GHSA-G2PQ-9JR7-W6GV...

CVSS 4.3, AI score 5.8, EPSS 0.00106
Exploits 0
Github Security Blog
added 2025/09/03 3:30 p.m., 4 views

Jenkins Git client Plugin file system information disclosure vulnerability

In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an...

CVSS 4.3, AI score 6.8, EPSS 0.00106
Exploits 0, References 5, Affected Software 1
Snyk
added 2025/09/03 3:30 p.m., 4 views

Insertion of Sensitive Information into Externally-Accessible File or Directory

Overview org.jenkins-ci.plugins:git-client is a Jenkins git client plugin. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the Git URL field form validation process. An attacker can determine the existence of...

CVSS 5.3, AI score 7, EPSS 0.00106
Exploits 0, References 2
vulnersOsv
added 2025/09/03 3:30 p.m., 8 views

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=37.v0d3157c4a_ef8 <=57.v0756db_b_f6926), com.coravy.hudson.plugins.github:github (>=1.41.0 <=1.45.0) +35 more potentially affected by CVE-2025-58458 via org.jenkins-ci.plugins:git-client (>=6.1.0 <=6.3.0)

org.jenkins-ci.plugins:git-client MAVEN version =6.1.0, =37.v0d3157c4aef8, =1.41.0, =61.vf6d8f6f5ed02, =1.1.0.825.v30618768da42, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =3.2083.vd36f32376929, =530.v38d502df428f, =634.v371dc6d978a3, =718.v40b5f0e67cd3,...

CVSS 4.3, AI score 5.4, EPSS 0.00106
Exploits 0
AlpineLinux
added 2025/09/03 3:15 p.m., 4 views

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

CVSS 4.3, AI score 6.5, EPSS 0.00106
Exploits 0, References 2
NVD
added 2025/09/03 3:15 p.m., 4 views

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

CVSS 4.3, EPSS 0.00106
Exploits 0, References 2
OSV
added 2025/09/03 3:15 p.m., 4 views

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

CVSS 4.3, AI score 6.8
Exploits 0, References 2