Lucene search
K

8 matches found

OSV
OSV
added 2026/01/27 1:16 a.m.2 views

DEBIAN-CVE-2026-24686

go-tuf is a Go implementation of The Update Framework TUF. go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...

4.7CVSS8.4AI score0.00211EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/27 12:45 a.m.3 views

CVE-2026-24686 go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names

go-tuf is a Go implementation of The Update Framework TUF. go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...

4.7CVSS5.9AI score0.00211EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/01/27 12:45 a.m.6 views

CVE-2026-24686

go-tuf is a Go implementation of The Update Framework TUF. go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...

4.7CVSS8.4AI score0.00211EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/01/27 12:45 a.m.6 views

CVE-2026-24686

go-tuf is a Go implementation of The Update Framework TUF. go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...

4.7CVSS5.9AI score0.00211EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/01/27 12:45 a.m.2 views

CVE-2026-24686 go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names

go-tuf is a Go implementation of The Update Framework TUF. go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...

4.7CVSS5.9AI score0.00211EPSS
Exploits1References4
OSV
OSV
added 2025/10/08 5:41 p.m.21 views

JLSEC-2025-5 Lack of validation for user-provided fields in GitHub.jl

There is a lack of input validation for user-provided values in certain functions. In the GitHub.repo function, the user can provide any string for the reponame field. These inputs are not validated or safely encoded and are sent directly to the server. Impact This means a user can add path...

8.7CVSS6.9AI score0.00414EPSS
Exploits0
NVD
NVD
added 2025/08/26 2:15 a.m.6 views

CVE-2025-8447

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by creating a diff between the repositories. To exploit this vulnerability, an attacker needed to know the...

7CVSS0.00283EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2018/10/05 9:10 p.m.74 views

Security update for gitolite (moderate)

This update for gitolite fixes the following issues: Gitolite was updated to 3.6.9: - CVE-2018-16976: prevent racy access to repos in process of migration to gitolite boo1108272 - 'info' learns new '-p' option to show only physical repos as opposed to wild repos The update to 3.6.8 contains: - fi...

7.9AI score0.01166EPSS
Exploits0References1
Rows per page
Query Builder