Lucene search
+L

5 matches found

CVE
CVE
added 2020/04/14 10:50 p.m.517 views

CVE-2020-5260

CVE-2020-5260 affects Git by newline-injection in the credential helper protocol, enabling a crafted URL to exfiltrate credentials from one host to another. Affected Git releases were patched in April 2020; fixes are in 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26....

9.3CVSS7.2AI score0.10047EPSS
CVE
CVE
added 2020/04/21 6:40 p.m.480 views

CVE-2020-11008

Technical details for CVE-2020-11008 are not present in the provided connected documents. The sources discuss related CVEs and general Git credential leakage vectors but do not specify affected versions, root cause, fixes, or exploitation status for this CVE. Monitor for updates.

7.5CVSS6.5AI score0.03899EPSS
CVE
CVE
added 2020/01/24 9:14 p.m.267 views

CVE-2019-1348

CVE-2019-1348 affects Git prior to 2.24.1 (including 2.23.1, 2.22.2, 2.21.1, etc.). The root cause is that the --export-marks feature of git fast-import is exposed through the in-stream command export-marks=... mechanism, which can overwrite arbitrary paths. This creates a local-attack surface wh...

3.6CVSS6.7AI score0.00427EPSS
CVE
CVE
added 2020/01/24 9:14 p.m.227 views

CVE-2019-1353

CVE-2019-1353 concerns Git behavior under Windows Subsystem for Linux (WSL) when accessing a Windows NTFS working directory, where NTFS protections were not active. Connected documents link a related issue in libgit2 (NTFS filename handling) that can enable remote code execution during repository...

9.8CVSS9.2AI score0.02225EPSS
CVE
CVE
added 2020/02/12 1:58 a.m.221 views

CVE-2014-9390

CVE-2014-9390 describes a remote command-execution risk in Git and several VCS clients when interacting with repositories on case-insensitive filesystems. A crafted .git/config in a tree can trigger arbitrary commands on the server/client, depending on the tool. Affected versions (per provided so...

9.8CVSS9.1AI score0.63178EPSS
Web