Lucene search

10061 matches found

NVD
added 2018/06/04 7:29 p.m. | 14 views

CVE-2017-16019

GitBook is a command line tool and Node.js library for building beautiful books using GitHub/Git and Markdown or AsciiDoc. Stored Cross-Site-Scripting (XSS) is possible in GitBook before 3.2.2 by including code outside of backticks in any ebook. This code will be executed on the online reader...

CVSS 6.1 | AI score 6.3 | EPSS 0.0024
Exploits: 1 | References: 2

OSV
added 2018/06/04 7:29 p.m. | 11 views

CVE-2017-16019

GitBook is a command line tool and Node.js library for building beautiful books using GitHub/Git and Markdown or AsciiDoc. Stored Cross-Site-Scripting (XSS) is possible in GitBook before 3.2.2 by including code outside of backticks in any ebook. This code will be executed on the online reader...

CVSS 6.1 | AI score 6.5
Exploits: 0 | References: 2

Prion
added 2018/06/04 7:29 p.m. | 11 views

Cross site scripting

GitBook is a command line tool and Node.js library for building beautiful books using GitHub/Git and Markdown or AsciiDoc. Stored Cross-Site-Scripting (XSS) is possible in GitBook before 3.2.2 by including code outside of backticks in any ebook. This code will be executed on the online reader...

CVSS 4.3 | AI score 6.2 | EPSS 0.0024
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2018/06/04 7:00 p.m. | 63 views

CVE-2017-16019

GitBook (CLI and Node.js library) before version 3.2.2 is vulnerable to Stored XSS when code outside of backticks is included in any ebook, causing code to execute in the online reader. Affected versions: prior to 3.2.2. The issue is mitigated by upgrading to 3.2.2 or later.

CVSS 6.1 | AI score 6.2 | EPSS 0.0024
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2018/06/04 7:00 p.m. | 15 views

CVE-2017-16019

GitBook is a command line tool and Node.js library for building beautiful books using GitHub/Git and Markdown or AsciiDoc. Stored Cross-Site-Scripting (XSS) is possible in GitBook before 3.2.2 by including code outside of backticks in any ebook. This code will be executed on the online reader...

AI score 6.3 | EPSS 0.0024
Exploits: 1 | References: 2

The Hacker News
added 2018/06/04 7:19 a.m. | 100 views

Confirmed—Microsoft Buys GitHub For $7.5 Billion

Here's the biggest news of the week—Microsoft has reportedly acquired GitHub for $7.5 billion. For those unaware, GitHub is a popular code repository hosting service that allows developers to host their projects, documentation, and code in the cloud using the popular Git source management system,...

AI score 6.9
Exploits: 0

Photon
added 2018/06/04 12:00 a.m. | 27 views

Important Photon OS Security Update - PHSA-2018-0053

Updates of 'git' packages of Photon OS have been released...

CVSS 7.5 | AI score 1.7 | EPSS 0.0031
Exploits: 0

Tenable Nessus
added 2018/06/04 12:00 a.m. | 32 views

FreeBSD : Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235) (c7a135f4-66a4-11e8-9e63-3085a9a47796)

The Git community reports : - In affected versions of Git, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. - In affected versions of Git, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a...

CVSS 7.8 | AI score 8.3 | EPSS 0.4172
Exploits: 10 | References: 3

Photon
added 2018/06/04 12:00 a.m. | 27 views

PHSA-2018-1.0-0145

An update of 'git' packages of Photon OS has been released...

CVSS 6.8 | AI score 0.9 | EPSS 0.4172
Exploits: 10

Tenable Nessus
added 2018/06/04 12:00 a.m. | 38 views

Fedora 27 : git (2018-080a3d7866)

Upstream security fixes related to .gitmodules handling. From the upstream announcement : - Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GITDIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. ...

CVSS 7.8 | AI score 7.5 | EPSS 0.4172
Exploits: 10 | References: 3

Photon
added 2018/06/04 12:00 a.m. | 32 views

PHSA-2018-2.0-0053

An update of 'git' packages of Photon OS has been released...

CVSS 6.8 | AI score 0.9 | EPSS 0.4172
Exploits: 10

Tenable Nessus
added 2018/06/04 12:00 a.m. | 35 views

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : git (SSA:2018-152-01)

New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-152-01. The text itself is copyright ...

CVSS 7.8 | AI score 7.4 | EPSS 0.4172
Exploits: 10 | References: 3

OSV
added 2018/06/03 11:02 a.m. | 6 views

MGASA-2018-0267 Updated git packages fix security vulnerabilities

It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233). Submodule "names" come from the untrusted .gitmodules file, but we blindly append them to $GITDIR/modules to create our on-disk repo paths. This means you can do bad things by...

CVSS 7.8 | AI score 7.6 | EPSS 0.4172
Exploits: 10 | References: 3

Mageia
added 2018/06/03 11:02 a.m. | 44 views

Updated git packages fix security vulnerabilities

It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233). Submodule "names" come from the untrusted .gitmodules file, but we blindly append them to $GITDIR/modules to create our on-disk repo paths. This means you can do bad things by...

CVSS 7.8 | AI score 1.5 | EPSS 0.4172
Exploits: 10 | References: 2

OpenVAS
added 2018/06/02 12:00 a.m. | 31 views

Fedora Update for git FEDORA-2018-75f7624a9f

The remote host is missing an update for the...

CVSS 7.8 | AI score 8.1 | EPSS 0.4172
Exploits: 10 | References: 2

OpenVAS
added 2018/06/02 12:00 a.m. | 34 views

Fedora Update for git FEDORA-2018-080a3d7866

The remote host is missing an update for the...

CVSS 7.8 | AI score 7.2 | EPSS 0.4172
Exploits: 10 | References: 2

Slackware Linux
added 2018/06/01 9:57 p.m. | 48 views

[slackware-security] git

New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/git-2.14.4-i586-1slack14.2.txz: Upgraded. This update fixes security issues: Submodule "names" come from...

CVSS 7.8 | AI score 0.3 | EPSS 0.4172
Exploits: 10

Fedora
added 2018/06/01 12:21 p.m. | 31 views

[SECURITY] Fedora 27 Update: git-2.14.4-1.fc27

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...

CVSS 7.8 | AI score 2.4 | EPSS 0.4172
Exploits: 11

Fedora
added 2018/06/01 12:06 p.m. | 32 views

[SECURITY] Fedora 28 Update: git-2.17.1-2.fc28

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...

CVSS 7.8 | AI score 2.4 | EPSS 0.4172
Exploits: 10

Packet Storm
added 2018/06/01 12:00 a.m. | 60 views

Git Remote Code Execution

Exploit Title: Git code execution Date: 2018-05-29 Exploit Author: JameelNabbo Website: jameelnabbo.com Vendor Homepage: https://github.com/git/git CVE: CVE-2018-11235 Version: =2.17.1 Tested on Kali Linux P0C: Create two files: pwned.sh: the file which will contain our commands to be executed...

AI score 8.1 | EPSS 0.4172
Exploits: 10