492 matches found
Amazon Linux 2 : golang (ALAS-2025-2939)
The version of golang installed on the remote host is prior to 1.23.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2939 advisory. cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Tenable has extracted the preceding description...
CVE-2025-54533
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration...
CVE-2025-4674
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
CVE-2025-4674 Unexpected command execution in untrusted VCS repositories in cmd/go
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
CVE-2025-4674
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
CVE-2025-4674 Unexpected command execution in untrusted VCS repositories in cmd/go
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
GO-2025-3828 Unexpected command execution in untrusted VCS repositories in cmd/go
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
CVE-2025-54533
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration...
CVE-2025-54533
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration...
CVE-2025-54533
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration...
CVE-2025-54533
CVE-2025-54533 affects JetBrains TeamCity versions prior to 2025.07. The issue is due to improper access control that allows disclosure of build settings via VCS configuration. The CVE entry lists a CVSS v3.1 base score of 4.3 (Medium) with network attack vector, low attack complexity, and low co...
CBL Mariner 2.0 Security Update: python3 (CVE-2023-5752)
The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5752 advisory. - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the...
MGASA-2025-0205 Updated golang packages fix security vulnerabilities
Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. When using the Go toolchain in directories fetched using various VCS tools such as directly cloning Git or Mercurial repositories can cause the toolchain to execute unexpected commands, if said...
SUSE-SU-2025:02295-1 Security update for go1.24
This update for go1.24 fixes the following issues: - Update to version go1.24.5 - CVE-2025-4674: Fixed potential command execution in untrusted VCS repositories. bsc1246118...
Golang 1.23.x < 1.23.11 / 1.24.x < 1.24.5 Command Execution
The version of Golang running on the remote host is 1.23.x prior to 1.23.11, 1.24.x prior to 1.24.3. It is, therefore, affected by a command execution vulnerability as referenced in 74380 advisory. - Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code...
USN-7603-1 composer vulnerabilities
Thomas Chauchefoin discovered that Composer did not correctly handle certain arguments. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-24828, CVE-2023-43655 Ed Cradoc...
CVE-2024-51990
jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...
CVE-2021-30005
In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS...
CVE-2021-29263
In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible because of insufficient checks when getting the project from VCS...
CVE-2025-47854
In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page...