Lucene search
K

4 matches found

CVE
CVE
added 2026/05/08 1:43 p.m.29 views

CVE-2026-41506

go-git is vulnerable to credential leakage during smart-HTTP redirects in clone/fetch operations prior to versions 5.18.0 and 6.0.0-alpha.2. The issue, a cross-host redirect exposure, has been patched in 5.18.0 and 6.0.0-alpha.2. Impact is a potential exposure of HTTP credentials during redirects...

7.4CVSS5.7AI score0.00259EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/17 10:31 p.m.9 views

go-git: Credential leak via cross-host redirect in smart HTTP transport

Impact go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. If a remote repository responds to the initial /info/refs request with a redirect to a different host, go-git updates the session endpoint to the redirected location and...

7.4CVSS5.8AI score0.00259EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2024/02/12 3:42 p.m.16 views

libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2

The libgit2 project fixed three security issues in the 1.7.2 release. These issues are: The gitrevparsesingle function can potentially enter an infinite loop on a well-crafted input, potentially causing a Denial of Service. This function is exposed in the git2 crate via the...

8.3AI score
Exploits0References4Affected Software1
FreeBSD
FreeBSD
added 2024/02/06 12:0 a.m.24 views

Libgit2 -- multiple vulnerabilities

Git community reports: A bug in gitrevparsesingle is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application A bug in gitrevparsesingle is fixed that could have caused the function to...

9.8CVSS7.1AI score0.01546EPSS
Exploits0References1
Rows per page
Query Builder