Arbitrary File Write

github.com/harness/gitness is vulnerable to Arbitrary file write. The vulnerability is due to improper sanitization of the upload path, which allows an attacker to craft a malicious upload request and write arbitrary files to any location on the file system...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper sanitization of the upload path in the upload process. An attacker can write arbitrary files to any location on the file system, potentially compromising the server, by sending a crafted upload request...

CVE-2025-58158

Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server Gitness exposes api to retrieve and upload files via git LFS. Implementation ...

CVE-2025-58158 Harness Affected by Arbitrary File Write in Gitness LFS server

Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server Gitness exposes api to retrieve and upload files via git LFS. Implementation ...