Lucene search
K
Git-scmGit

8 matches found

CVE
CVE
added 2021/03/09 12:0 a.m.1019 views

CVE-2021-21300

Summary: CVE-2021-21300 affects Git when cloning into case-insensitive file systems and using certain clean/smudge filters (e.g., Git LFS). A specially crafted repository containing symbolic links and files processed by these filters can cause an unchecked script to run during checkout. Affected ...

8CVSS7.7AI score0.88644EPSS
CVE
CVE
added 2022/10/19 12:0 a.m.597 views

CVE-2022-39260

Git Shell command-argument parsing bug (CVE-2022-39260) in pre-2.30.6…2.37.4 allows an attacker with SSH access to a Git shell login to overflow an int-based count when building the argv array, enabling arbitrary heap writes and potential remote code execution via execv(). Affected setups require...

8.8CVSS9.2AI score0.02938EPSS
CVE
CVE
added 2025/07/08 6:23 p.m.533 views

CVE-2025-48384

Git vulnerability CVE-2025-48384 arises from Git’s handling of trailing CR characters in config and submodule paths, which can cause a submodule to checkout to an incorrect location and potentially execute a post-checkout hook if a symlink points to the hooks directory. The issue affects Git and ...

8CVSS6.4AI score0.02775EPSS
In wild
CVE
CVE
added 2024/05/14 6:46 p.m.444 views

CVE-2024-32004

CVE-2024-32004 affects Git and enables arbitrary code execution during cloning when a local repository is crafted by an attacker. It targets pre-patch releases prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. Affected versions can execute code during the clone operation if the...

8.1CVSS7.6AI score0.01271EPSS
CVE
CVE
added 2019/12/18 8:11 p.m.441 views

CVE-2019-1387

CVE-2019-1387 affects Git prior to the fix in 2.24.1, due to too-lax validation of submodule names during recursive clones. This could allow remote code execution when cloning a repository with submodules. Public advisories note the vulnerability and cite fixes in Git versions 2.24.1 and later; s...

8.8CVSS8.9AI score0.04426EPSS
CVE
CVE
added 2017/10/04 1:0 a.m.308 views

CVE-2017-1000117

CVE-2017-1000117 is a command-injection vulnerability in Git caused by insufficient validation of ssh:// URL handling, enabling arbitrary code execution when a malicious URL is processed (e.g., via git clone --recurse-submodules or a crafted .gitmodules). The connected advisories confirm the issu...

8.8CVSS7.9AI score0.77823EPSS
CVE
CVE
added 2023/01/17 9:3 p.m.160 views

CVE-2022-41953

CVE-2022-41953 affects Git GUI (Git for Windows). When cloning a repository with Git GUI, post-processing may run a spell checker binary named aspell.exe from the repository’s top-level directory due to Tcl on Windows searching the current directory first. If a malicious repo ships a crafted aspe...

8.6CVSS7.6AI score0.06796EPSS
CVE
CVE
added 2017/03/20 12:0 a.m.157 views

CVE-2014-9938

CVE-2014-9938 is disclosed in multiple feeds as a vulnerability in Git where the git-prompt.sh script failed to sanitize branch names, enabling potential code execution via PS1 in affected Git versions. Connected documents corroborate this vulnerability as part of EulerOS advisories and Nessus/NV...

8.8CVSS8.5AI score0.0232EPSS