4 matches found
CVE-2017-12976
The CVE-2017-12976 issue affects git-annex prior to version 6.20170818, where an ssh URL with a hostname starting with a dash (for example ssh://-eProxyCommand=) can lead to remote command execution. Root cause: simplistic parsing of ssh URLs allows injection through the hostname. Impact is remot...
CVE-2018-10857
CVE-2018-10857 affects the Git-annex project. The vulnerability allows private data exposure by exposing content of files outside the git-annex repository or content from a private web server on localhost or the LAN. Public sources in connected documents indicate that a fix was released in git-an...
CVE-2018-10859
git-annex (CVE-2018-10859) is vulnerable to Information Exposure when decrypting files. A malicious server on a special remote could trick git-annex into decrypting data encrypted to the user’s gpg key, exposing encrypted data not stored in git-annex. Public advisories show fixes in git-annex aro...
CVE-2014-6274
git-annex vulnerability CVE-2014-6274: when using S3/Glacier remotes with embedcreds=yes and encryption=pubkey or encryption=hybrid, AWS credentials were stored in the repository in plaintext rather than encrypted. Affected range: 3.20121126 through 5.20140919. Impact: anyone with a copy of the r...