Lucene search
K
Git-annex ProjectGit-annex

4 matches found

CVE
CVE
added 2017/08/20 8:0 p.m.92 views

CVE-2017-12976

The CVE-2017-12976 issue affects git-annex prior to version 6.20170818, where an ssh URL with a hostname starting with a dash (for example ssh://-eProxyCommand=) can lead to remote command execution. Root cause: simplistic parsing of ssh URLs allows injection through the hostname. Impact is remot...

8.8CVSS9.2AI score0.0267EPSS
CVE
CVE
added 2018/07/16 8:0 p.m.85 views

CVE-2018-10857

CVE-2018-10857 affects the Git-annex project. The vulnerability allows private data exposure by exposing content of files outside the git-annex repository or content from a private web server on localhost or the LAN. Public sources in connected documents indicate that a fix was released in git-an...

7.5CVSS7.3AI score0.01539EPSS
CVE
CVE
added 2018/07/16 6:0 p.m.75 views

CVE-2018-10859

git-annex (CVE-2018-10859) is vulnerable to Information Exposure when decrypting files. A malicious server on a special remote could trick git-annex into decrypting data encrypted to the user’s gpg key, exposing encrypted data not stored in git-annex. Public advisories show fixes in git-annex aro...

7.5CVSS7.2AI score0.01362EPSS
CVE
CVE
added 2025/06/26 8:59 p.m.42 views

CVE-2014-6274

git-annex vulnerability CVE-2014-6274: when using S3/Glacier remotes with embedcreds=yes and encryption=pubkey or encryption=hybrid, AWS credentials were stored in the repository in plaintext rather than encrypted. Affected range: 3.20121126 through 5.20140919. Impact: anyone with a copy of the r...

7.5CVSS6.4AI score0.00153EPSS