558 matches found

Github Security Blog
added 2024/01/19 9:58 p.m. · 146 views

Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Summary: Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to https://nvd.nist.gov/vuln/detail/CVE-2023-34092 -- with surface area reduced to host...

CVSS 7.5 · AI score 7 · EPSS 0.00791
Exploits 1 · References 9 · Affected Software 1
OSV
added 2024/01/19 9:58 p.m. · 4 views

GHSA-C24V-8RFC-W8VW Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Summary: Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to https://nvd.nist.gov/vuln/detail/CVE-2023-34092 -- with surface area reduced to host...

CVSS 7.5 · AI score 7 · EPSS 0.03152
Exploits 2 · References 9
NVD
added 2024/01/19 8:15 p.m. · 25 views

CVE-2024-23331

Vite is a frontend tooling framework for JavaScript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...

CVSS 7.5 · AI score 7.4 · EPSS 0.00791
Exploits 1 · References 3
OSV
added 2024/01/19 7:43 p.m. · 20 views

CVE-2024-23331 Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Vite is a frontend tooling framework for JavaScript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...

CVSS 7.5 · AI score 7.3 · EPSS 0.00791
Exploits 1 · References 5
CVE
added 2024/01/19 7:43 p.m. · 351 views

CVE-2024-23331

CVE-2024-23331 (Vite): The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems by using case-augmented filenames. The issue occurs because picomatch defaults to case-sensitive glob matching, while the file server does not, enabling a blacklist bypass and potent...

CVSS 7.5 · AI score 7.3 · EPSS 0.00791
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2024/01/19 12:00 a.m. · 7 views

PT-2024-19813 · Vite · Vite

Name of the Vulnerable Software and Affected Versions: Vite versions prior to 2.9.17; Vite versions prior to 3.2.8; Vite versions prior to 4.5.2; Vite versions prior to 5.0.12. Description: The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented...

CVSS 10 · AI score 6.8 · EPSS 0.03152
Exploits 10 · References 43
CNNVD
added 2024/01/19 12:00 a.m. · 6 views

Vite Security Vulnerabilities

Vite is a new open-source front-end build tool. Vite has a security vulnerability that stems from the file system not being case-sensitive...

CVSS 7.5 · AI score 6.9 · EPSS 0.00791
Exploits 1 · References 4
OSV
added 2023/12/29 11:06 a.m. · 3 views

OESA-2023-1995 jgit security update

A pure Java implementation of the Git version control system and command line interface. Security Fixes: Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file...

CVSS 8.8 · AI score 9.7 · EPSS 0.01884
Exploits 0 · References 2
Veracode
added 2023/09/21 11:12 a.m. · 66 views

Arbitrary File Overwrite

org.eclipse.jgit is vulnerable to Arbitrary File Overwrite. The vulnerability is due to a symbolic link present in a specially crafted git repository which can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem...

CVSS 8.8 · AI score 6.8 · EPSS 0.01884
Exploits 0 · References 4 · Affected Software 1
Github Security Blog
added 2023/09/18 3:30 p.m. · 39 views

Arbitrary File Overwrite in Eclipse JGit

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8 · AI score 8.8 · EPSS 0.01884
Exploits 0 · References 7 · Affected Software 1
OSV
added 2023/09/18 3:30 p.m. · 41 views

GHSA-3P86-9955-H393 Arbitrary File Overwrite in Eclipse JGit

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8 · AI score 8.8 · EPSS 0.01884
Exploits 0 · References 7
NVD
added 2023/09/12 10:15 a.m. · 24 views

CVE-2023-4759

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8 · AI score 8.8 · EPSS 0.01884
Exploits 0 · References 3
OSV
added 2023/09/12 10:15 a.m. · 13 views

CVE-2023-4759

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8 · AI score 8.8
Exploits 0 · References 3
OSV
added 2023/09/12 10:15 a.m. · 1 view

DEBIAN-CVE-2023-4759

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8 · AI score 8.5 · EPSS 0.01884
Exploits 0 · References 1
Prion
added 2023/09/12 10:15 a.m. · 44 views

Design/Logic Flaw

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 6.5 · AI score 8.7 · EPSS 0.01884
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/09/12 10:15 a.m. · 3 views

UBUNTU-CVE-2023-4759

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8 · AI score 7.7 · EPSS 0.01884
Exploits 0 · References 6
UbuntuCve
added 2023/09/12 10:15 a.m. · 28 views

CVE-2023-4759

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8 · AI score 7.3 · EPSS 0.01884
Exploits 0 · References 5
Vulnrichment
added 2023/09/12 9:12 a.m. · 27 views

CVE-2023-4759 Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8 · AI score 7.5 · EPSS 0.01884
Exploits 0 · References 3
Cvelist
added 2023/09/12 9:12 a.m. · 31 views

CVE-2023-4759 Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8 · AI score 9 · EPSS 0.01884
Exploits 0 · References 3
CVE
added 2023/09/12 9:12 a.m. · 199 views

CVE-2023-4759

CVE-2023-4759 (Eclipse JGit) affects all versions

CVSS 8.8 · AI score 7.8 · EPSS 0.01884
Exploits 0 · References 3 · Affected Software 1