Lucene search
K

623 matches found

Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the LFS mirror synchronization process. An attacker can bypass configured HTTP transport restrictions by initiating LFS push or sync mirror operations, allowing unauthorized network requests to be made outside o...

9.8CVSS5.9AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the LFS object reuse process. An attacker can gain unauthorized access to private source objects by leveraging repository access without having the required Code-unit permissions...

7.1CVSS7.2AI score0.00323EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 8:54 p.m.20 views

CVE-2026-58423

The CVE-2026-58423 entry concerns Gitea’s LFS authentication: a malformed SSH sub-verb allows unauthorized read access to private repositories. The issue is described as an authentication bypass that can enable read access without credentials, affecting LFS handling in affected Gitea deployments....

7.7CVSS5.9AI score0.0031EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:19 p.m.24 views

CVE-2026-28740

CVE-2026-28740 affects Gitea up to version 1.26.2. The issue allows Git LFS object reuse to authorize private source objects for users with repository access but without Code-unit access (root cause: LFS object reuse bypassing Code-unit authorization). Impact is unauthorized access to private sou...

7.1CVSS7.1AI score0.00323EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:19 p.m.19 views

CVE-2026-26292

Gitea versions before 1.25.5 are affected: LFS push and LFS mirror synchronization do not use the migration HTTP transport, bypassing configured migration transport protections for those requests. This is evidenced by CVE-2026-26292 and corroborated by multiple connected sources (NVD/NIST and thi...

9.8CVSS5.9AI score0.00482EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55607

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.3 Description Git LFS Large File Storage object reuse allows users with repository access to authorize private source objects even if they lack Code-unit access. Recommendations Update Gitea to version 1.26.3 or...

7.1CVSS7AI score0.00323EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.20 views

PT-2026-55598

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description LFS push and sync mirror operations do not utilize the migration HTTP transport. This behavior allows LFS requests to bypass the configured migration transport protections. Recommendations Update Gite...

9.8CVSS6.1AI score0.00482EPSS
Exploits0References7
Rockylinux
Rockylinux
added 2026/07/01 12:3 p.m.6 views

git-lfs security update

An update is available for git-lfs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, videos...

9.6CVSS6.7AI score0.00478EPSS
Exploits0
Rockylinux
Rockylinux
added 2026/07/01 6:0 a.m.5 views

git-lfs security update

An update is available for git-lfs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, videos...

9.6CVSS6.7AI score0.00478EPSS
Exploits0
OSV
OSV
added 2026/06/30 10:49 a.m.5 views

RHSA-2026:30855 Red Hat Security Advisory: git-lfs security update

Bulletin has no description...

8.2CVSS7.2AI score0.00478EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.10 views

AlmaLinux 10 : git-lfs (ALSA-2026:30855)

The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:30855 advisory. golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-39821 Tenable has extracted the...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.5 views

Oracle Linux 9 : git-lfs (ELSA-2026-30854)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-30854 advisory. - Fix CVE-2026-39821: vendored golang.org/x/net/idna ToUnicode incorrectly accepting all-ASCII xn-- labels Tenable has extracted the preceding description bloc...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.3 views

Oracle Linux 8 : git-lfs (ELSA-2026-30853)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-30853 advisory. - Backport CVE-2026-39821 fix vendored golang.org/x/net IDNA Tenable has extracted the preceding description block directly from the Oracle Linux security...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

RHEL 10 : git-lfs (RHSA-2026:30855)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:30855 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:29 a.m.6 views

RHSA-2026:30854 Red Hat Security Advisory: git-lfs security update

Bulletin has no description...

8.2CVSS6.6AI score0.00478EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/06/29 5:8 a.m.6 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.6CVSS6.8AI score0.00478EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.8 views

Oracle Linux 9 : git-lfs (ELSA-2026-19350)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-19350 advisory. 3.7.1-4 - Rebuild with new Golang - Resolves: RHEL-158765, RHEL-166675, RHEL-167677, RHEL-170838 Tenable has extracted the preceding description block...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References5
OSV
OSV
added 2026/06/08 2:19 p.m.13 views

CLEANSTART-2026-PE03587 Security fixes for CVE-2021-38561, CVE-2022-27191 applied in versions: 3.1.2-r3, 3.1.2-r4

Multiple security vulnerabilities affect the git-lfs package. These issues are resolved in later releases. See references for individual vulnerability details...

7.5CVSS5.5AI score0.03931EPSS
Exploits0References5
OSV
OSV
added 2026/06/08 2:19 p.m.16 views

CLEANSTART-2026-RR97166 Security fixes for CVE-2021-38561, CVE-2022-27191 applied in versions: 3.1.2-r3, 3.1.2-r4

Multiple security vulnerabilities affect the git-lfs package. These issues are resolved in later releases. See references for individual vulnerability details...

7.5CVSS7.2AI score0.03931EPSS
Exploits0References5
CBLMariner
CBLMariner
added 2026/06/02 2:26 p.m.21 views

CVE-2026-39821 affecting package git-lfs for versions less than 3.6.1-3

CVE-2026-39821 affecting package git-lfs for versions less than 3.6.1-3. A patched version of the package is available...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
Rows per page
Query Builder