Vulnerabilities > GIT

DATE CVE VULNERABILITY TITLE RISK
2024-05-14 CVE-2024-32002 Link Following vulnerability in GIT
Git is a revision control system.
network
high complexity
git CWE-59
critical
9.0
2022-04-19 CVE-2022-25648 Argument Injection or Modification vulnerability in multiple products
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection.
network
low complexity
git fedoraproject debian CWE-88
critical
9.8
2020-04-14 CVE-2020-5260 Insufficiently Protected Credentials vulnerability in multiple products
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker.
7.5
2017-06-01 CVE-2017-8386 git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
network
low complexity
git opensuse debian canonical fedoraproject
8.8
2010-12-17 CVE-2010-3906 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
network
git git-scm CWE-79
4.3
2009-06-18 CVE-2009-2108 Resource Management Errors vulnerability in GIT
git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments.
network
low complexity
git CWE-399
5.0
2009-01-21 CVE-2008-5916 Permissions, Privileges, and Access Controls vulnerability in GIT
gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.
local
low complexity
git CWE-264
4.6
2008-08-07 CVE-2008-3546 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GIT
Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.
network
low complexity
linux git CWE-119
7.5
2006-01-31 CVE-2006-0477 Remote Buffer Overflow vulnerability in GIT
Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link.
network
low complexity
git
7.5