2 matches found
Sensitive Data Exposure
@finos/git-proxy is vulnerable to sensitive data exposure. The vulnerability is due to improper validation of commits in the pack sent to GitHub, which allows an attacker to inject unreferenced commits containing sensitive data and retrieve them via direct commit URLs without appearing in the...
Information Exposure
Overview @finos/git-proxy is a Deploy custom push protections and policies on top of Git. Affected versions of this package are vulnerable to Information Exposure due to a lack of checking for hidden commits. An attacker can access sensitive repository data by injecting additional commits that ar...