Vulnerabilities > GIT Large File Storage Project

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-04-20 | CVE-2022-24826 | Untrusted Search Path vulnerability in GIT Large File Storage Project GIT Large File Storage | On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code. | 7.8 |
| 2021-01-15 | CVE-2021-21237 | Untrusted Search Path vulnerability in GIT Large File Storage Project GIT Large File Storage | Git LFS is a command line extension for managing large files with Git. | 7.8 |
| 2020-11-05 | CVE-2020-27955 | Uncontrolled Search Path Element vulnerability in GIT Large File Storage Project GIT Large File Storage 2.12.0 | Git LFS 2.12.0 allows Remote Code Execution. | network; low complexity; git-large-file-storage-project; CWE-427; critical; 9.8 |
| 2017-12-21 | CVE-2017-17831 | Improper Input Validation vulnerability in GIT Large File Storage Project GIT Large File Storage | GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository. | network; low complexity; git-large-file-storage-project; CWE-20; 8.8 |