
10 matches found

OSV
added 2026/02/04 1:26 p.m. | 1 view

USN-8012-1 gh vulnerabilities

It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An attacker could possibly use this issue to create or overwrite files in unintended directories. CVE-2024-54132 It was discovered that GitHub CLI...

CVSS 6.5 | AI score 7.3 | EPSS 0.00709
Exploits 0 | References 3
RedhatCVE
added 2025/02/05 6:50 a.m. | 4 views

CVE-2024-50338

Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...

CVSS 7.4 | AI score 7.3 | EPSS 0.00222
Exploits 0 | References 1
CVE
added 2025/01/14 6:11 p.m. | 113 views

CVE-2024-50338

Git Credential Manager (GCM) on Windows/macOS/Linux is affected by CVE-2024-50338 due to a newline handling mismatch with Git. GCM’s ReadLineAsync accepts LF, CRLF, and CR, while Git’s credential parsing forbids an isolated CR, enabling an attacker to craft a malicious remote URL (for example, ht...

CVSS 7.4 | AI score 7.3 | EPSS 0.00222
Exploits 0 | References 8
OSV
added 2024/11/27 10:15 p.m. | 1 view

AZL-53477 CVE-2024-53858 affecting package gh for versions less than 2.62.0-5

The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...

CVSS 6.5 | AI score 7.2 | EPSS 0.00053
Exploits 0 | References 1
Tenable Nessus
added 2021/01/29 12:00 a.m. | 37 views

CentOS 8 : git (CESA-2019:4356)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:4356 advisory. - git: Arbitrary path overwriting via export-marks in-stream command feature CVE-2019-1348 - git: Recursive submodule cloning allows using git director...

CVSS 9.3 | AI score 7.6 | EPSS 0.19687
Exploits 0 | References 5
CVE
added 2020/12/08 7:55 p.m. | 54 views

CVE-2020-26233

GCM Core on Windows is affected by CVE-2020-26233 prior to 2.0.289. When recursively cloning a repo with submodules, Git Credential Manager Core may start a malicious git.exe in the top-level repository instead of the PATH git when reading configuration, potentially enabling code execution. The i...

CVSS 7.3 | AI score 7 | EPSS 0.15577
Exploits 1 | References 5 | Affected Software 1
OSV
added 2020/01/29 5:11 a.m. | 8 views

OPENSUSE-SU-2020:0123-1 Security update for git

This update for git fixes the following issues: Security issues fixed: - CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice bsc1158787. - CVE-2019-19604: Fixed a recursive clone...

CVSS 9.8 | AI score 7.6 | EPSS 0.2462
Exploits 1 | References 21
Tenable Nessus
added 2019/12/23 12:00 a.m. | 69 views

Oracle Linux 8 : git (ELSA-2019-4356)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4356 advisory. - Remote code execution in recursive clones with nested submodules Resolves: CVE-2019-1387 Tenable has extracted the preceding description block direct...

CVSS 9.3 | AI score 7.7 | EPSS 0.19687
Exploits 0 | References 5
Tenable Nessus
added 2019/12/20 12:00 a.m. | 43 views

RHEL 8 : git (RHSA-2019:4356)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:4356 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...

CVSS 9.3 | AI score 7.8 | EPSS 0.19687
Exploits 0 | References 10
OSV
added 2019/12/15 6:03 p.m. | 7 views

MGASA-2019-0393 Updated git packages fix security vulnerabilities

The updated packages fix security vulnerabilities: The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths. CVE-2019-1348 When submodules are cloned recursively, under certain circumstances Git could...

CVSS 9.3 | AI score 7.4 | EPSS 0.19687
Exploits 1 | References 3