Vulnerabilities > GIT SCM > GIT > 2.13.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-11 | CVE-2022-24975 | Exposure of Resource to Wrong Sphere vulnerability in Git-Scm GIT The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. | 7.5 |
| 2021-08-31 | CVE-2021-40330 | git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. | 7.5 |
| 2021-03-09 | CVE-2021-21300 | Link Following vulnerability in multiple products Git is an open-source distributed revision control system. | 7.5 |
| 2020-04-21 | CVE-2020-11008 | Insufficiently Protected Credentials vulnerability in multiple products Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. | 7.5 |
| 2019-12-11 | CVE-2019-19604 | Missing Authorization vulnerability in multiple products Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. | 7.8 |
| 2018-11-23 | CVE-2018-19486 | Untrusted Search Path vulnerability in Git-Scm GIT Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. | 7.5 |
| 2018-02-09 | CVE-2018-1000021 | Improper Input Validation vulnerability in Git-Scm GIT GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. | 6.8 |
| 2017-10-14 | CVE-2017-15298 | Resource Exhaustion vulnerability in Git-Scm GIT Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. | 4.3 |