CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7619
https://notcve.org/view.php?id=CVE-2020-7619
get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data. get-git-data versiones hasta 1.3.1, es vulnerable a una Inyección de Comandos. Es posible inyectar comandos arbitrarios como parte de los argumentos proporcionados en get-git-data. • https://github.com/chardos/get-git-data/blob/master/index.js#L7%2C https://snyk.io/vuln/SNYK-JS-GETGITDATA-564222 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6114
https://notcve.org/view.php?id=CVE-2012-6114
The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort. La utilidad git-changelog en git-extras versión 1.7.0, permite a usuarios locales sobrescribir archivos arbitrarios por medio de un ataque de tipo symlink en (1) /tmp/changelog o (2) /tmp/.git-effort. • http://www.openwall.com/lists/oss-security/2013/01/22/8 http://www.openwall.com/lists/oss-security/2013/01/23/5 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698490 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-10776
https://notcve.org/view.php?id=CVE-2019-10776
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2. En la línea 240 del archivo "index.js", el comando run ejecuta el comando git con una variable controlada por el usuario llamada remoteUrl. Esto afecta a git-diff-apply todas las versiones anteriores a la versión 0.22.2. • https://github.com/ossf-cve-benchmark/CVE-2019-10776 https://github.com/kellyselden/git-diff-apply/commit/106d61d3ae723b4257c2a13e67b95eb40a27e0b5 https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774 https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774%2C • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 8%CPEs: 11EXPL: 0CVE-2019-1387 – git: Remote code execution in recursive clones with nested submodules
https://notcve.org/view.php?id=CVE-2019-1387
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones. Se encontró un problema en Git versiones anteriores a v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4 y v2. 14.6. Los clones recursivos están actualmente afectados por una vulnerabilidad causada por una comprobación too-lax de los nombres de submódulos, permitiendo ataques muy específicos por medio de una ejecución de código remota en clones recursivos. A flaw was discovered where git improperly validates submodules' names used to construct git metadata paths and does not prevent them from being nested in existing directories used to store another submodule's metadata. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html https://access.redhat.com/errata/RHSA-2019:4356 https://access.redhat.com/errata/RHSA-2020:0002 https://access.redhat.com/errata/RHSA-2020:0124 https://access.redhat.com/errata/RHSA-2020:0228 https://lists.debian.org/debian-lts-announce/2020/01/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org&# • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2019-1353
https://notcve.org/view.php?id=CVE-2019-1353
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active. El controlador IEC870IP para Vijeo Citect y Citect SCADA de AVENA y Power SCADA Operation de Schneider Electric, presenta una vulnerabilidad de desbordamiento de búfer que podría resultar en un bloqueo del lado del servidor. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com https://security.gentoo.org/glsa/202003-30 •