Vulnerabilities > GIT Large File Storage Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-20 | CVE-2022-24826 | Untrusted Search Path vulnerability in GIT Large File Storage Project GIT Large File Storage On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code. | 7.8 |
2021-01-15 | CVE-2021-21237 | Unspecified vulnerability in GIT Large File Storage Project GIT Large File Storage Git LFS is a command line extension for managing large files with Git. | 7.8 |
2020-11-05 | CVE-2020-27955 | Uncontrolled Search Path Element vulnerability in GIT Large File Storage Project GIT Large File Storage 2.12.0 Git LFS 2.12.0 allows Remote Code Execution. | 9.8 |
2017-12-21 | CVE-2017-17831 | Improper Input Validation vulnerability in GIT Large File Storage Project GIT Large File Storage GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository. | 8.8 |