Lucene search
+L
Git-scmGit

14 matches found

CVE
CVE
added 2023/02/14 7:48 p.m.694 views

CVE-2023-23946

Git is affected by CVE-2023-23946. Prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8, a crafted input to git apply can cause a path outside the working tree to be overwritten by the running user. A fix is prepared and will be released in the list...

7.5CVSS6.8AI score0.01144EPSS
CVE
CVE
added 2023/04/25 8:9 p.m.654 views

CVE-2023-29007

Git CVE-2023-29007 affects multiple Git versions prior to 2.30.9–2.40.1. A bug in config.c (git_config_copy_or_rename_section_in_file) allows injection of arbitrary configuration via a long .gitmodules submodule URL, enabling execution of user-controlled executables when removing a submodule sect...

7.8CVSS7.8AI score0.06079EPSS
CVE
CVE
added 2023/04/25 7:17 p.m.579 views

CVE-2023-25652

CVE-2023-25652 affects Git before 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1.** The vulnerability arises when feeding specially crafted input to git apply --reject, which can cause a path outside the working tree to be overwritten with partially con...

7.5CVSS7.7AI score0.51883EPSS
CVE
CVE
added 2022/04/12 12:0 a.m.545 views

CVE-2022-24765

CVE-2022-24765 affects Git on multi-user systems where untrusted users can create a C:.git directory; Git would then read and apply configuration from that directory, potentially altering behavior outside the intended repository. The issue arises from Git not checking directory ownership when rea...

7.8CVSS7AI score0.00782EPSS
CVE
CVE
added 2020/04/21 6:40 p.m.480 views

CVE-2020-11008

Technical details for CVE-2020-11008 are not present in the provided connected documents. The sources discuss related CVEs and general Git credential leakage vectors but do not specify affected versions, root cause, fixes, or exploitation status for this CVE. Monitor for updates.

7.5CVSS6.5AI score0.03899EPSS
CVE
CVE
added 2018/05/30 4:0 a.m.445 views

CVE-2018-11235

CVE-2018-11235 affects Git prior to 2.17.1 (and also 2.13.7, 2.14.4, 2.15.2, 2.16.4, 2.17.1 as listed in advisories). A crafted .gitmodules file can cause directory traversal in submodule names, leading to a malicious project triggering a chain where submodule names are appended to $GIT_DIR/modul...

7.8CVSS8.1AI score0.49188EPSS
Web
CVE
CVE
added 2024/05/14 7:18 p.m.400 views

CVE-2024-32465

Git vulnerability CVE-2024-32465 affects local-cloning scenarios and can allow arbitrary code execution when cloning repositories from untrusted sources. Astra Linux documents indicate affected Git before 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, with patches in 2.45.1, 2.44.1, ...

7.8CVSS6.2AI score0.00909EPSS
CVE
CVE
added 2024/05/14 7:15 p.m.337 views

CVE-2024-32021

CVE-2024-32021 affects Git prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. When cloning a local repository that contains symlinks over the filesystem, Git may create hardlinks to arbitrary user-readable files in the destination repo’s objects/ directory. Also, clonin...

7.1CVSS7AI score0.00956EPSS
CVE
CVE
added 2018/05/30 4:0 a.m.290 views

CVE-2018-11233

CVE-2018-11233 affects Git on NTFS pathname sanity checking, causing potential out-of-bounds reads. Affected: Git versions before 2.13.7, and 2.14.x/2.15.x/2.16.x/2.17.x before the listed patch levels. Impact: potential information disclosure and/or memory access concerns; no explicit exploitatio...

7.5CVSS7.5AI score0.04309EPSS
CVE
CVE
added 2021/08/31 12:0 a.m.267 views

CVE-2021-40330

CVE-2021-40330 affects the Git project: in git_connect_git (connect.c) of Git before 2.30.1, a repository path can contain a newline character, which may trigger unexpected cross-protocol requests as demonstrated by a crafted git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 sequence. The vulne...

7.5CVSS7.3AI score0.03074EPSS
Web
CVE
CVE
added 2022/07/12 12:0 a.m.265 views

CVE-2022-29187

CVE-2022-29187 – Git privilege escalation (details from connected docs): Affects Git on multi-user/local systems where the repository owner can influence commands via local repo configuration ownership checks. The root cause is failure to properly enforce ownership checks in local multi-user envi...

7.8CVSS7.2AI score0.00444EPSS
CVE
CVE
added 2022/02/11 12:0 a.m.190 views

CVE-2022-24975

Technical details about CVE-2022-24975 are not publicly provided in the supplied documents. No vendor/product/version specifics or fixes are described here. Monitor for updates from official advisories.

7.5CVSS7.5AI score0.02645EPSS
CVE
CVE
added 2009/01/20 4:0 p.m.118 views

CVE-2008-5516

CVE-2008-5516 affects Git-related web interface gitweb (1.5.x up to 1.5.5). The issue arises in the gitweb.cgi script’s handling of git_search input, where shell metacharacters are not properly sanitized, enabling an unauthenticated remote attacker to execute arbitrary commands on the server with...

7.5CVSS7.5AI score0.04351EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.92 views

CVE-2010-2542

Git: Privilege escalation vulnerability CVE-2010-2542 — stack-based buffer overflow in is_git_directory (setup.c) in Git up to 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file. Affected: Git before 1.7.2.1. Impact: local privilege escalation. Mitigation: upgra...

7.5CVSS6.6AI score0.02507EPSS