Lucene search
Veracode Vulnerability DatabaseVERACODE:35190HistoryApr 21, 2022 - 8:41 a.m.
Arbitrary Code Execution
2022-04-2108:41:41
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.001 Low
EPSS
Percentile
32.9%
github.com/git-lfs/git-lfs is vulnerable to arbitrary code execution. A remote attacker is able to inject and execute malicious ..exe programs on targeted system when Git LFS operates on a malicious repository with a ..exe file as well as a file named git.exe, and git.exe is not found in any directory listed in PATH.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/git-lfs/git-lfs | le | v3.1.2 | |
| github.com/git-lfs/git-lfs | le | v3.1.2 |
Related
prion
prion
Design/Logic Flaw
2022-04-20 00:16:00
github
github
Git LFS can execute a binary from the current directory on Windows
2022-04-22 20:13:21
cve
cve
CVE-2022-24826
2022-04-20 00:16:50
osv
osv
Git LFS can execute a binary from the current directory on Windows
2022-04-22 20:13:21
CVE-2022-24826
2022-04-20 00:16:50
BIT-git-lfs-2022-24826
2024-03-06 10:52:05
nvd
nvd
CVE-2022-24826
2022-04-20 00:16:50
cvelist
cvelist