Lucene search
K

623 matches found

OSV
OSV
added 2026/01/26 1:50 p.m.8 views

USN-7977-1 git-lfs vulnerabilities

Ryota K discovered that Git LFS may leak login credentials in certain instances due to failing to check for URL-encoded characters. An attacker could possibly use this issue to learn sensitive information. CVE-2024-53263 It was discovered that Git LFS could have its git lfs checkout and git lfs...

8.6CVSS7.2AI score0.0104EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/23 12:31 a.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper validation of repository ownership in the delete process for Git LFS locks. An attacker can remove LFS locks from repositories they do not own by leveraging write access to a...

9.1CVSS5.9AI score0.00415EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/01/22 10:1 p.m.4 views

CVE-2026-20897

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories...

9.1CVSS5.9AI score0.00415EPSS
Exploits0References5
OSV
OSV
added 2026/01/22 10:1 p.m.9 views

CVE-2026-20897 Gitea Git LFS Lock Deletion Broken Access Control (Cross-Repo IDOR)

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories...

9.1CVSS5.9AI score0.00415EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : git-lfs-2.13.3-3.el8 (AXSA:2022-3920:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3920:02 advisory. golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension CVE-2020-28851 golang.org/x/text: Panic in...

7.5CVSS7.1AI score0.02607EPSS
Exploits5References10
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : git-lfs-3.4.1-3.el8_10 (AXSA:2024-8855:06)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8855:06 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

7.5CVSS7.8AI score0.01127EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : git-lfs-3.2.0-3.el8_9 (AXSA:2024-7734:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7734:01 advisory. golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288,VU421644.3 Tenable has extracted the preceding description...

7.5CVSS7.3AI score0.91969EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : git-lfs-3.4.1-4.el9_4 (AXSA:2024-8856:07)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8856:07 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

7.5CVSS7.6AI score0.01127EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.9 views

MiracleLinux 8 : git-lfs-3.4.1-2.el8 (AXSA:2024-8248:04)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8248:04 advisory. golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 golang: net/http/cookiejar: incorrect forwarding of...

7.5CVSS7.1AI score0.91969EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : git-lfs-3.2.0-1.el9 (AXSA:2023-5844:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5844:01 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: net/http/httputil: ReverseProxy should not forward...

7.5CVSS7.2AI score0.05623EPSS
Exploits4References11
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : git-lfs-3.2.0-2.el8 (AXSA:2023-5956:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5956:02 advisory. golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang: regexp/syntax: limit memory used by...

7.5CVSS7.7AI score0.05623EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/01/17 12:24 a.m.4 views

SUSE CVE-2026-22253

Soft Serve is a self-hostable Git server for the command line. Prior to version 0.11.2, an authorization bypass in the LFS lock deletion endpoint allows any authenticated user with repository write access to delete locks owned by other users by setting the force flag. The vulnerable code path...

5.4CVSS7AI score0.00273EPSS
Exploits1References2
OSV
OSV
added 2026/01/14 10:39 a.m.4 views

RHSA-2026:0465 Red Hat Security Advisory: git-lfs security update

Bulletin has no description...

8.1CVSS6.9AI score0.00697EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 9 : git-lfs-3.4.1-4.el9_5 (AXSA:2025-9577:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9577:01 advisory. git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs CVE-2024-53263 Tenable has extracted the preceding description block directly from...

8.5CVSS7.3AI score0.0104EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

RHEL 8 : git-lfs (RHSA-2026:0459)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0459 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...

8.6CVSS5.3AI score0.00697EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 8 : git-lfs-3.4.1-4.el8_10 (AXSA:2025-9621:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9621:02 advisory. git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs CVE-2024-53263 Tenable has extracted the preceding description block directly from...

8.5CVSS7.3AI score0.0104EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.6 views

MiracleLinux 8 : git-lfs-3.4.1-5.el8_10 (AXSA:2025-10027:03)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10027:03 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...

9.1CVSS7.2AI score0.00778EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

RHEL 8 : git-lfs (RHSA-2026:0460)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0460 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...

8.6CVSS5.3AI score0.00697EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.6 views

MiracleLinux 9 : git-lfs-3.6.1-1.el9 (AXSA:2025-10212:04)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10212:04 advisory. golang: crypto/tls: panic when processing post-handshake message on QUIC connections CVE-2023-39321 golang: crypto/tls: lack of a limit on buffered...

9.8CVSS7.4AI score0.01952EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 9 : git-lfs-3.6.1-2.el9_6 (AXSA:2025-10545:05)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10545:05 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block...

9.1CVSS7.2AI score0.00778EPSS
Exploits0References2
Rows per page
Query Builder