9929 matches found
Incomplete List of Disallowed Inputs
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the environment variable handling process. An attacker can influence Git operations by setting specific environment variables before execution...
OpenClaw: GIT_DIR and related git plumbing env vars missing from exec env denylist (GHSA-m866-6qv5-p2fg variant)
Impact GITDIR and related git plumbing env vars missing from exec env denylist GHSA-m866-6qv5-p2fg variant. Git plumbing environment variables were not removed before host exec and could redirect Git operations. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenCla...
GHSA-92MM-2PJQ-R785 HashiCorp's go-getter library may allow arbitrary file reads
HashiCorp's go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...
Arbitrary Argument Injection
Overview github.com/hashicorp/go-getter is a Package for downloading things from a string URL using a variety of protocols. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the GitGetter function that lacks validation for git options when attempting to check th...
EUVD-2026-20894
HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...
CVE-2026-4660
HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...
DEBIAN-CVE-2026-4660
HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...
CVE-2026-4660
HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...
CVE-2026-4660
HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...
CVE-2026-4660
CVE-2026-4660 affects HashiCorp go-getter up to v1.8.5, where a crafted URL during certain git operations can cause arbitrary filesystem reads. The issue is fixed in go-getter v1.8.6; the v2 branch/package is unaffected. If you use go-getter, upgrade to v1.8.6 or later. The provided sources do no...
CVE-2026-4660 Go-getter may allow to arbitrary filesystem reads through git operations
HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...
CVE-2026-4660 Go-getter may allow to arbitrary filesystem reads through git operations
HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...
RHSA-2026:7005 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
RHEL 9 : git-lfs (RHSA-2026:7259)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:7259 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...
Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details abou...
PT-2026-31607
Disclosure from our research team at Pentest-Tools.com "It's just dev mode" is doing a lot of heavy lifting here. FuelCMS has no enforced access control on the add git submodule installer function. Dev mode on, git over SSH enabled, a valid .git directory in the root: any authenticated user can...
Oracle Linux 9 : git-lfs (ELSA-2026-7259)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-7259 advisory. 3.6.1-8 - Rebuild with new Golang - Resolves: RHEL-158724 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
git-lfs security update
3.6.1-8 - Rebuild with new Golang - Resolves: RHEL-158724...
HashiCorp go-getter 安全漏洞
HashiCorp go-getter is a Go golang library from the American company HashiCorp, used to download files or directories using URLs as the main input format from various sources. HashiCorp go-getter versions prior to v1.8.5 contained a security vulnerability that allowed arbitrary files to be read...
Important: Red Hat Security Advisory: git-lfs security update
An update for git-lfs is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...