Lucene search
+L

133 matches found

euvd
euvd
added 2026/07/02 5:50 p.m.13 views

EUVD-2026-36195

Dulwich's submodule path traversal in porcelain.submoduleupdate / porcelain.clonerecursesubmodules=True yields RCE via attacker-dropped .git/hooks payload...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References3
susecve
susecve
added 2026/06/12 2:25 a.m.10 views

SUSE CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.7AI score0.00448EPSS
Exploits0References3
osv
osv
added 2026/06/10 11:16 p.m.7 views

DEBIAN-CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References1
nvd
nvd
added 2026/06/10 11:16 p.m.25 views

CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS0.00448EPSS
Exploits0References2
osv
osv
added 2026/06/10 11:16 p.m.8 views

UBUNTU-CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.7AI score0.00448EPSS
Exploits0References4
snyk
snyk
added 2026/06/10 11:12 p.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the porcelain.submoduleupdate module when handling attacker-controlled submodule paths from a crafted upstream repository without proper path validation. An attacker can achieve arbitrary code execution by crafti...

8.3CVSS6.1AI score0.00448EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/10 12:0 a.m.22 views

PT-2026-48568

🔴 CVE-2026-52726 is being exploited for RCE: attackers can drop malicious .git/hooks payloads via Dulwich's submodule path traversal flaw. This bypasses standard protections. Patch immediately to prevent full compromise. NerdieNews CyberSecurity Vulnerability https://t.co/tIoG1l3nqd...

7.5CVSS5.4AI score0.00448EPSS
Exploits0References17
mscve
mscve
added 2026/05/31 8:4 a.m.7 views

gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule

...

8.5CVSS5.3AI score0.00351EPSS
Exploits0
redhatcve
redhatcve
added 2026/05/28 8:12 p.m.12 views

CVE-2026-40034

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References1
susecve
susecve
added 2026/05/28 3:58 a.m.16 views

SUSE CVE-2026-40034

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References3
nvd
nvd
added 2026/05/26 3:16 p.m.18 views

CVE-2026-40034

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS0.00351EPSS
Exploits0References5
osv
osv
added 2026/05/26 3:16 p.m.3 views

DEBIAN-CVE-2026-40034

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.3AI score0.00351EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/05/26 3:16 p.m.10 views

CVE-2026-40034

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.3AI score0.00351EPSS
Exploits0References6
osv
osv
added 2026/05/26 3:16 p.m.10 views

UBUNTU-CVE-2026-40034

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/05/26 2:8 p.m.10 views

CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.3AI score0.00351EPSS
Exploits0References5
osv
osv
added 2026/05/26 2:8 p.m.2 views

CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.3AI score0.00351EPSS
Exploits0References7
cvelist
cvelist
added 2026/05/26 2:8 p.m.44 views

CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS0.00351EPSS
Exploits0References5
euvd
euvd
added 2026/05/26 2:8 p.m.12 views

EUVD-2026-31831

gix-submodule before 0.82.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An attacker can inject arbitrary shell commands vi...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References5
cve
cve
added 2026/05/26 2:8 p.m.48 views

CVE-2026-40034

CVE-2026-40034 affects gix-submodule (gitoxide) prior to 0.82.0. The vulnerability arises because update in .gitmodules is not properly validated, allowing an attacker who has initialized a submodule with partial configuration in .git/config to bypass the CommandForbiddenInModulesConfiguration gu...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/05/26 2:8 p.m.14 views

CVE-2026-40034

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References6
Rows per page
Query Builder