
10 matches found

OSV
added 2024/04/17 8:15 p.m. · 2 views

AZL-39939 CVE-2024-3817 affecting package terraform for versions less than 1.3.2-14

HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package...

9.8 CVSS · 6.7 AI score · 0.02482 EPSS
Exploits: 0 · References: 1

OSV
added 2024/04/17 8:15 p.m. · 7 views

CVE-2024-3817

HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package...

9.8 CVSS · 9.6 AI score
Exploits: 0 · References: 1

Prion
added 2022/06/02 2:15 p.m. · 10 views

Input validation

Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain a...

6.5 CVSS · 8.8 AI score · 0.0144 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

AlpineLinux
added 2022/06/02 2:15 p.m. · 27 views

CVE-2021-32546

Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain a...

8.8 CVSS · 2.6 AI score · 0.0144 EPSS
Exploits: 0

GitLab Advisory Database
added 2022/06/02 12:00 a.m. · 25 views

OS Command Injection in gogs

Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain a...

8.8 CVSS · 2.6 AI score · 0.0144 EPSS
Exploits: 0 · References: 8 · Affected Software: 1

CVE
added 2022/05/31 9:21 p.m. · 71 views

CVE-2021-32546

CVE-2021-32546 affects Gogs before 0.12.8 due to missing input validation in internal/db/repo_editor.go, enabling remote code execution. An unprivileged, registered user can overwrite a repository’s Git configuration (e.g., via GUI-created file named with a backslash and renaming to .git/config),...

8.8 CVSS · 8.7 AI score · 0.0144 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2022/05/31 9:21 p.m. · 12 views

CVE-2021-32546

Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain a...

9.1 AI score · 0.0144 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2022/05/13 12:00 a.m. · 2 views

PT-2022-17575 · Unknown · Workspace-Tools

Name of the Vulnerable Software and Affected Versions: workspace-tools versions prior to 0.18.4. Description: The issue concerns Command Injection via git argument injection. When the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function is called, both the remote and...

9.8 CVSS · 9.9 AI score · 0.01249 EPSS
Exploits: 1 · References: 8

Github Security Blog
added 2022/03/12 12:00 a.m. · 39 views

Command injection in simple-git

The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options, it was possible to get arbitrary...

9.8 CVSS · 5.8 AI score · 0.00927 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

CNNVD
added 2022/03/11 12:00 a.m. · 2 views

simple-git-hooks parameter injection vulnerability

simple-git-hooks is an application. A simple git hooks manager for small projects. A parameter injection vulnerability exists in simple-git-hooks, which stems from the fact that when the .fetch(remote, branch, handlerFn) function is called, both the remote and branch parameters are passed to the git...

9.8 CVSS · 8.4 AI score · 0.00927 EPSS
Exploits: 0 · References: 6