CVE-2018-13397

There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to ga...

Design/Logic Flaw

There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to ga...

CVE-2018-13397

There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to ga...

CVE-2018-13396

There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain cod...

CVE-2018-13396

CVE-2018-13396 affects Sourcetree for macOS. The vulnerability is an argument injection in the embedded Git used by Sourcetree when parsing Git subrepositories in Mercurial repositories. A user with write access to a Mercurial repo linked in Sourcetree can exploit this to execute code on the syst...

CVE-2018-13397

Sourcetree for Windows (versions 0.5.1.0 up to, but not including, 3.0.0) is vulnerable to an argument injection flaw in Git subrepositories within Mercurial repositories. An attacker with commit access to a linked Mercurial repo can exploit this to gain code execution on the host. Affected macOS...

Updated gitolite packages fix security vulnerability

Updated gitolite package fixes security vulnerability: Gitolite before 3.6.9 does not in certain configurations involving @all or a regex properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow...

Sourcetree Git Arbitrary Code Execution Vulnerability

An attacker can exploit the embedded version of Git used in Sourcetree if they can commit to a Git repository linked in Sourcetree. This allows them to execute arbitrary code on systems running a vulnerable version of Sourcetree for macOS. Versions of Sourcetree for macOS starting with version...

Security fix for the ALT Linux 9 package NetworkManager version 1.14.5-alt1.gitba83251bba87

Nov. 1, 2018 Mikhail Efremov 1.14.5-alt1.gitba83251bba87 - Upstream git snapshot nm-1-14 branch fixes: CVE-2018-15688...

RHEL 7 : git (RHSA-2018:3408)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3408 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-serve...

Important: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

git: arbitrary code execution via .gitmodules

An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine...

Slither - Static Analyzer For Solidity

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code...

Amazon Linux 2 : git (ALAS-2018-1093)

Git before 2.14.5, allows remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character.CVE-2018-17456 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

openSUSE: Security Advisory for git (openSUSE-SU-2018:3178-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Important: git

Issue Overview: Git before 2.14.5, allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.CVE-2018-17456 Affected Packages: git Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

SUSE SLES12 Security Update : git (SUSE-SU-2018:1566-2)

This update for git fixes several issues. These security issues were fixed : CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory bsc1095218 CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository bsc1095219 Note that Tenable Netwo...

Fedora 27 : git (2018-d5139c4fd6)

Upstream security update resolving an issue with git clone --recurse-submodules. From the upstream release announcement : These releases fix a security flaw CVE-2018-17456, which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with...

Fedora Update for git FEDORA-2018-d5139c4fd6

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 27 Update: git-2.14.5-1.fc27

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...