Lucene search
K
Git-scmGit2.15.0

6 matches found

CVE
CVE
added 2018/10/06 2:0 p.m.651 views

CVE-2018-17456

CVE-2018-17456 is a remote code execution in Git triggered when processing a recursive clone of a superproject if a .gitmodules URL starts with a dash. Affected Git versions include 2.14.5 and later 2.15.x/2.16.x/2.17.x/2.18.x/2.19.x before the fixed releases listed (e.g., 2.14.5 and subsequent u...

9.8CVSS9.3AI score0.97356EPSS
Web
CVE
CVE
added 2018/05/30 4:0 a.m.441 views

CVE-2018-11235

CVE-2018-11235 affects Git prior to 2.17.1 (and also 2.13.7, 2.14.4, 2.15.2, 2.16.4, 2.17.1 as listed in advisories). A crafted .gitmodules file can cause directory traversal in submodule names, leading to a malicious project triggering a chain where submodule names are appended to $GIT_DIR/modul...

7.8CVSS8.1AI score0.49188EPSS
Web
CVE
CVE
added 2019/12/18 8:11 p.m.441 views

CVE-2019-1387

CVE-2019-1387 affects Git prior to the fix in 2.24.1, due to too-lax validation of submodule names during recursive clones. This could allow remote code execution when cloning a repository with submodules. Public advisories note the vulnerability and cite fixes in Git versions 2.24.1 and later; s...

8.8CVSS8.9AI score0.04426EPSS
CVE
CVE
added 2018/05/30 4:0 a.m.285 views

CVE-2018-11233

CVE-2018-11233 affects Git on NTFS pathname sanity checking, causing potential out-of-bounds reads. Affected: Git versions before 2.13.7, and 2.14.x/2.15.x/2.16.x/2.17.x before the listed patch levels. Impact: potential information disclosure and/or memory access concerns; no explicit exploitatio...

7.5CVSS7.5AI score0.04309EPSS
CVE
CVE
added 2020/01/24 9:14 p.m.264 views

CVE-2019-1348

CVE-2019-1348 affects Git prior to 2.24.1 (including 2.23.1, 2.22.2, 2.21.1, etc.). The root cause is that the --export-marks feature of git fast-import is exposed through the in-stream command export-marks=... mechanism, which can overwrite arbitrary paths. This creates a local-attack surface wh...

3.6CVSS6.7AI score0.00427EPSS
CVE
CVE
added 2020/01/24 9:14 p.m.225 views

CVE-2019-1353

CVE-2019-1353 concerns Git behavior under Windows Subsystem for Linux (WSL) when accessing a Windows NTFS working directory, where NTFS protections were not active. Connected documents link a related issue in libgit2 (NTFS filename handling) that can enable remote code execution during repository...

9.8CVSS9.2AI score0.02225EPSS