623 matches found
EUVD-2018-21853
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...
CVE-2018-25332
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...
CVE-2018-25332 GitBucket 4.23.1 Unauthenticated Remote Code Execution
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...
EUVD-2026-30478
OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata and server-local filesystem paths. A repository object can steer raw blob reads to arbitrary local files that the server account...
CVE-2026-44647 OneDev: Path Traversal (read capability via Git LFS pointer resolution)
OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata and server-local filesystem paths. A repository object can steer raw blob reads to arbitrary local files that the server account...
CVE-2026-44647
CVE-2026-44647 affects OneDev (Git server with CI/CD, kanban, and packages). Before version 15.0.2, a repository object can steer raw blob reads to arbitrary local files accessible by the server process, breaking boundary between LFS metadata and server filesystem paths. Impact: a user with push ...
RLSA-2026:16875 Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 golang:...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: git-lfs (UTSA-2026-021350)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021350 advisory. Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is...
OneDev 路径遍历漏洞
OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. Versions of OneDev prior to 15.0.2 had a...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: git-lfs (UTSA-2026-019019)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-019019 advisory. Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Tenable...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: git-lfs (UTSA-2026-021307)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021307 advisory. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is us...
RHSA-2026:16875 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
Oracle Linux 8 : git-lfs (ELSA-2026-16875)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-16875 advisory. 3.4.1-10 - Rebuild with new Golang - Resolves: RHEL-167541, RHEL-167379, RHEL-166518 3.4.1-9 - Rebuild with new Golang - Resolves: RHEL-156637 Tenable...
MiracleLinux 9 : git-lfs-3.6.1-8.el9_7.1 (AXSA:2026-580:05)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-580:05 advisory. golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via...
RHSA-2026:14200 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
Oracle Linux 9 : git-lfs (ELSA-2026-14200)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-14200 advisory. 3.6.1-8.1 - Rebuild with new Golang - Resolves: RHEL-167659, RHEL-170836, RHEL-166651 Tenable has extracted the preceding description block directly...
Important: Red Hat Security Advisory: git-lfs security update
An update for git-lfs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
git-lfs security update
3.6.1-8.1 - Rebuild with new Golang - Resolves: RHEL-167659, RHEL-170836, RHEL-166651...
RHEL 9 : git-lfs (RHSA-2026:14200)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:14200 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while...
Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282...