Lucene search

2620 matches found

Prion
added 2015/12/11 11:59 a.m., 13 views

Code injection

Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases...

CVSS 10, AI score 7, EPSS 0.00605
Exploits 0, References 4, Affected Software 1
Cvelist
added 2015/12/11 11:0 a.m., 19 views

CVE-2015-7082

Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases...

AI score 6.4, EPSS 0.00605
Exploits 0, References 4
CVE
added 2015/12/11 11:0 a.m., 48 views

CVE-2015-7082

CVE-2015-7082 refers to multiple unspecified vulnerabilities in Git prior to 2.5.4, as used by Apple Xcode prior to 7.2. The connected document details a concrete root cause: a flaw in the git-remote-ext component that can be triggered by handling a specially crafted URL, enabling a remote attack...

CVSS 10, AI score 6.5, EPSS 0.00605
Exploits 0, References 4, Affected Software 1
RubySec
added 2015/12/11 12:0 a.m., 16 views

git-fastclone permits arbitrary shell command execution from .gitmodules

Git allows executing arbitrary shell commands using git-remote-ext via remote URLs. Normally git never requests URLs that the user doesn't specifically request, so this is not a serious security concern. However, submodules did allow the remote repository to specify what URL to clone from. If a...

CVSS 9.3, AI score 5.3, EPSS 0.02844
Exploits 1, References 1, Affected Software 1
Tenable Nessus
added 2015/12/10 12:0 a.m., 25 views

CentOS 7 : git (CESA-2015:2561)

Updated git packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from th...

CVSS 9.8, AI score 8.1, EPSS 0.31254
Exploits 0, References 2
Cent OS
added 2015/12/09 7:18 p.m., 79 views

emacs, git, gitk, gitweb, perl security update

CentOS Errata and Security Advisory CESA-2015:2561 Updated git packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which giv...

CVSS 9.8, AI score 7.7, EPSS 0.31254
Exploits 0, References 7
UbuntuCve
added 2015/12/09 12:0 a.m., 25 views

CVE-2015-7545

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a .gitmodules file ...

CVSS 9.8, AI score 7.6, EPSS 0.31254
Exploits 0, References 6
OpenVAS
added 2015/12/09 12:0 a.m., 34 views

RedHat Update for git RHSA-2015:2561-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 9.6, EPSS 0.31254
Exploits 0, References 2
Tenable Nessus
added 2015/12/09 12:0 a.m., 30 views

Oracle Linux 7 : git (ELSA-2015-2561)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-2561 advisory. 1.8.3.1-6 - fix arbitrary code execution via crafted URLs Resolves: 1274737 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS 9.8, AI score 9, EPSS 0.31254
Exploits 0, References 2
Tenable Nessus
added 2015/12/09 12:0 a.m., 35 views

RHEL 7 : git (RHSA-2015:2561)

Updated git packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from th...

CVSS 9.8, AI score 8.1, EPSS 0.31254
Exploits 0, References 3
OSV
added 2015/12/09 12:0 a.m., 0 views

UBUNTU-CVE-2015-7545

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a .gitmodules file ...

CVSS 9.8, AI score 7.7, EPSS 0.31254
Exploits 0, References 7
RedHat Linux
added 2015/12/08 10:28 a.m., 33 views

Moderate: Red Hat Security Advisory: git security update

Updated git packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from th...

CVSS 9.8, AI score 7.7, EPSS 0.31254
Exploits 0, References 2
Oracle linux
added 2015/12/08 12:0 a.m., 41 views

git security update

1.8.3.1-6 - fix arbitrary code execution via crafted URLs Resolves: 1274737...

CVSS 7.5, AI score 4.5, EPSS 0.31254
Exploits 0
RedHat Linux
added 2015/11/25 5:18 p.m., 32 views

Moderate: Red Hat Security Advisory: git19-git security update

Updated git19-git packages that fix one security issue are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

CVSS 9.8, AI score 7.7, EPSS 0.31254
Exploits 0, References 2
Tenable Nessus
added 2015/11/13 12:0 a.m., 17 views

openSUSE Security Update : git (openSUSE-2015-737)

Git was updated to fix one security issue. The following vulnerability was fixed : - boo948969: remote code execution with recursive fetch of submodules %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Securit...

AI score 6.3
Exploits 0, References 1
Tenable Nessus
added 2015/10/20 12:0 a.m., 35 views

FreeBSD : Git -- Execute arbitrary code (7f645ee5-7681-11e5-8519-005056ac623e)

Git release notes : Some protocols like git-remote-ext can execute arbitrary code found in the URL. The URLs that submodules use may come from arbitrary sources e.g., .gitmodules files in a remote repository, and can hurt those who blindly enable recursive fetch. Restrict the allowed protocols to...

CVSS 9.8, AI score 8.8, EPSS 0.31254
Exploits 0, References 4
FreeBSD
added 2015/10/16 12:0 a.m., 28 views

Salt -- multiple vulnerabilities

Salt release notes: CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials in loglevel debug output on the Salt master. These credentials are now replaced with REDACTED in the...

CVSS 9.8, AI score 8.5, EPSS 0.00383
Exploits 0, References 1
Mageia
added 2015/10/13 5:48 p.m., 11 views

Updated git packages fix security vulnerability

The git package has been updated to version 2.3.10, fixing a few security issues. These include buffer and integer overflow issues with long file path names and large files, as well as a remote code execution flaw with some protocols like git-remote-ext and specially crafted URLs. See the upstrea...

AI score 4
Exploits 0, References 3
Packet Storm
added 2015/10/08 12:0 a.m., 35 views

Kallithea 0.2.9 HTTP Response Splitting

Kallithea 0.2.9 camefrom HTTP Response Splitting Vulnerability Vendor: Kallithea Product web page: https://www.kallithea-scm.org Version affected: 0.2.9 and 0.2.2 Summary: Kallithea, a member project of Software Freedom Conservancy, is a GPLv3'd, Free Software source code management system that...

CVSS 5, AI score 6.5, EPSS 0.05309
Exploits 6
0day.today
added 2015/10/08 12:0 a.m., 63 views

Kallithea 0.2.9 HTTP Response Splitting Vulnerability

Kallithea suffers from a HTTP header injection response splitting vulnerability because it fails to properly sanitize user input before using it as an HTTP header value via the GET 'camefrom' parameter in the login instance. This type of attack not only allows a malicious user to control the...

CVSS 5, AI score 6.6, EPSS 0.05309
Exploits 6