358 matches found
CVE-2025-48384
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...
AZL-65043 CVE-2025-48384 affecting package git for versions less than 2.45.4-1
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...
AZL-65057 CVE-2025-48384 affecting package git for versions less than 2.40.4-2
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...
CVE-2025-48384
Git vulnerability CVE-2025-48384 arises from Git’s handling of trailing CR characters in config and submodule paths, which can cause a submodule to checkout to an incorrect location and potentially execute a post-checkout hook if a symlink points to the hooks directory. The issue affects Git and ...
CVE-2025-48384 Git allows arbitrary code execution through broken config quoting
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...
CVE-2025-48384 Git allows arbitrary code execution through broken config quoting
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...
CVE-2025-48384
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...
CVE-2025-48384 Git allows arbitrary code execution through broken config quoting
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...
UBUNTU-CVE-2025-48384
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...
GitHub: CVE-2025-48384 Git Symlink Vulnerability
CVE-2025-48384 is regarding a vulnerability in Git where when reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a...
PT-2025-28647
Name of the Vulnerable Software and Affected Versions Git versions 2.43.7 through 2.50.1 Description Git contains a link following vulnerability stemming from inconsistent handling of carriage return characters in configuration files. This flaw allows attackers to execute arbitrary code via...
DRUPAL-CONTRIB-2025-075
This module provides a format filter, which allows you to "disable" certain HTML elements e.g. remove their src attribute specified by the user. These elements will be enabled again, once the COOKiES banner is accepted. The module doesn't sufficiently check whether to convert "data-src" attribute...
CVE-2023-1203
Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule...
CVE-2022-3514
An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the...
Important: git
Issue Overview: A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwri...
ECA: Event - Condition - Action - Critical - Cross site request forgery - SA-CONTRIB-2025-031
This module enables you to define automations on your Drupal site. The module doesn't sufficiently protect certain routes from CSRF attacks. This vulnerability can be mitigated by disabling the "ecaui" submodule, which leaves ECA functionality intact, but the vulnerable routes will no longer be...
CVE-2020-11052
In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired, protection will not be re-enabled until a user or malicious actor...
CVE-2024-50338
Git Credential Manager GCM is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli
...
Matomo Analytics - Moderately critical - Cross site request forgery - SA-CONTRIB-2025-008
This module enables you to add the Matomo web statistics tracking system to your website. The Matomo Analytics Tag Manager sub-module allows you to add one or more Matomo tag containers on your website. The module does not protect against Cross Site Request Forgeries on routes to enable or disabl...