Vulnerabilities > GIT SCM > GIT > 2.14.5

DATE CVE VULNERABILITY TITLE RISK
2022-02-11 CVE-2022-24975 Exposure of Resource to Wrong Sphere vulnerability in Git-Scm GIT
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue.
network
low complexity
git-scm CWE-668
7.5
7.5
2021-08-31 CVE-2021-40330 git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
network
low complexity
git-scm debian
7.5
7.5
2020-04-21 CVE-2020-11008 Insufficiently Protected Credentials vulnerability in multiple products
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker.
network
low complexity
git-scm debian canonical fedoraproject CWE-522
7.5
7.5
2020-01-24 CVE-2019-1353 An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6.
network
low complexity
git-scm opensuse
critical
 9.8
9.8
2020-01-24 CVE-2019-1348 An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6.
local
low complexity
git-scm opensuse
3.3
3.3
2019-12-18 CVE-2019-1387 Unspecified vulnerability in Git-Scm GIT
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6.
network
low complexity
git-scm
8.8
8.8
2019-12-11 CVE-2019-19604 Missing Authorization vulnerability in multiple products
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. 		7.8
7.8
2018-11-23 CVE-2018-19486 Untrusted Search Path vulnerability in Git-Scm GIT
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
network
low complexity
git-scm linux canonical CWE-426
7.5
7.5
2018-02-09 CVE-2018-1000021 Improper Input Validation vulnerability in Git-Scm GIT
GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE.
network
git-scm CWE-20
6.8
6.8