12 matches found
ROS-20251203-13
A vulnerability in the checkout and pull functions of the Git extension for version control of large Git LFS files is related to incorrect definition of symbolic links during file access. Exploitation of the vulnerability could allow an attacker acting remotely to gain write access to arbitrary...
EUVD-2021-0763
Malware in sbrugna...
CVE-2023-53104
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
PT-2025-18868 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the skb pull function in the smsc75xx driver, where a packet length check needs to be moved to prevent a...
OS Command Injection in giting
giting version prior to 0.0.8 allows execution of arbitrary commands. The first argument repo of function pull is executed by the package without any validation...
GHSA-7R9X-HR76-JR96 Command Injection in giting
All versions of gitting are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The pull function is vulnerable through the branch variable. Recommendation No fix is current...
Command Injection in giting
All versions of gitting are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The pull function is vulnerable through the branch variable. Recommendation No fix is current...
CVE-2019-10802
giting version prior to 0.0.8 allows execution of arbitrary commands. The first argument "repo" of function "pull" is executed by the package without any validation...
CVE-2019-10802
giting version prior to 0.0.8 allows execution of arbitrary commands. The first argument "repo" of function "pull" is executed by the package without any validation...
CVE-2019-10802
CVE-2019-10802 affects giting prior to version 0.0.8. The vulnerability arises because the first argument of the pull() function, named repo, is executed by the package without input validation, allowing arbitrary command execution (command injection). Several sources (Red Hat, Snyk, CNVD, GHSA, ...
Command Injection
Overview giting is a Git server. Affected versions of this package are vulnerable to Command Injection. The first argument "repo" of function pull is executed by the package without any validation. PoC by JHU System Security Lab var Test = require"giting"; var injectioncommand = ";echo vulnerable...
Command Injection
Overview All versions of gitting are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The pull function is vulnerable through the branch variable. Recommendation No fix i...