138 matches found
DEBIAN-CVE-2025-4949
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...
CVE-2025-4949
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...
UBUNTU-CVE-2025-4949
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...
CVE-2025-4949 XXE vulnerability in Eclipse JGit
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...
CVE-2025-4949 XXE vulnerability in Eclipse JGit
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...
CVE-2025-4949
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...
CVE-2025-4949
CVE-2025-4949 is an XXE vulnerability in Eclipse JGit (ManifestParser used by repo and AmazonS3 transport). IBM documentation links this CVE to IBM WebMethods Integration (on prem) 11.1 with fixes in 11.1 Fix 2 and related 2.0.3 components; IBM security pages list a remediation path via updating ...
Eclipse JGit 代码问题漏洞
Eclipse JGit is an open source Java implementation of the Eclipse Foundation for handling the Git version control system. A security vulnerability exists in Eclipse JGit 7.2.0.202503040940-r and prior versions, which stems from an XML external entity attack when parsing XML files, which could lea...
PT-2025-22326
Name of the Vulnerable Software and Affected Versions Eclipse JGit versions 7.2.0.202503040940-r and older Description The ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol are vulnerable to XML External Entity...
Linux Distros Unpatched Vulnerability : CVE-2023-4759
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git...
SUSE CVE-2023-4759
Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...
Security Bulletin: Business Automation Manager Open Editions 8.0.5 - jgit vulnerability
Summary Business Automation Manager Open Editions in version 8.0.5 contains a vulnerability in jgit library, that is used as part of the release. For more information, please see the vulnerability description in the Vulnerability Details section. Vulnerability Details CVEID:CVE-2023-4759...
Security Bulletin: Vulnerability in jgit affect Cloud Pak System [CVE-2023-4759]
Summary Vulnerability in jgit affect Cloud Pak System. IBM Cloud Pak System Addressed vulnerability CVE-2023-4759. Vulnerability Details CVEID:CVE-2023-4759 DESCRIPTION: Eclipse JGit could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of case...
Security Bulletin: IBM InfoSphere Information Server is affected by a code execution vulnerability in Eclipse JGit (CVE-2023-4759)
Summary A code execution vulnerability in Eclipse JGit used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-4759 DESCRIPTION: Eclipse JGit could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of case insensitive...
OPENSUSE-SU-2024:13312-1 eclipse-jgit-5.11.0-9.1 on GA media
These are all security issues fixed in the eclipse-jgit-5.11.0-9.1 package on the GA media of openSUSE Tumbleweed...
RCE (Remote Code Execution) org.eclipse.jgit:org.eclipse.jgit Dependency in Bamboo Data Center and Server
This High severity org.eclipse.jgit:org.eclipse.jgit Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. The latest LTS Bamboo 9.6.0 is not impacted by this Vulnerability. This org.eclipse.jgit:org.eclipse.jgit...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 271 Vulnerability Details CVEID:CVE-2023-45285 DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw when using go get to...
Fedora: Security Advisory for jgit (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: jgit-6.1.0-9.fc40
A pure Java implementation of the Git version control system and command line interface...
jgit: arbitrary file overwrite
Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...