Exposição de git

Development

34

score de exposição

60

sites usam

1

em exploração

4

críticos

CVEs

38 resultados

CVE-2024-32021LOWLocal Git clone may hardlink arbitrary user-readable files into the new repository's "objects/" directoryEPSS 1.0%CVE-2024-32465HIGHGit's protections for cloning untrusted repositories can be bypassedEPSS 0.9%CVE-2025-48385HIGHGit alllows arbitrary file writes via bundle-uri parameter injectionEPSS 0.8%CVE-2022-24765MEDIUMUncontrolled search for the Git directory in Git for WindowsEPSS 0.8%CVE-2023-22490MEDIUMGit vulnerable to local clone-based data exfiltration with non-local transportsEPSS 0.7%CVE-2024-50349LOWGit does not sanitize URLs when asking for credentials interactivelyEPSS 0.6%CVE-2024-32020LOWCloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at willEPSS 0.5%CVE-2024-52005HIGHThe sideband payload is passed unfiltered to the terminal in gitEPSS 0.5%CVE-2022-29187HIGHBypass of safe.directory protections in GitEPSS 0.4%CVE-2019-1348—An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The EPSS 0.4%CVE-2023-23618HIGHgitk can inadvertently call executables in the worktreeEPSS 0.4%CVE-2023-29011HIGHGit for Windows's config file of `connect.exe` is susceptible to malicious placingEPSS 0.4%CVE-2023-29012HIGHGit CMD erroneously executes `doskey.exe` in the current directory, if it existsEPSS 0.4%CVE-2022-31012HIGHGit for Windows' installer can be tricked into executing an untrusted binaryEPSS 0.4%CVE-2023-22743HIGHGit for Windows' installer is susceptible to DLL side loading attacksEPSS 0.4%CVE-2025-48386MEDIUMGit allows a buffer overflow in 'wincred' credential helperEPSS 0.3%CVE-2026-32631HIGHGit for Windows: `git clone` from manipulated repositories can leak NTLM hashes to arbitrary serversEPSS 0.3%CVE-2025-66413HIGHGit for Windows leaks NTLM hash when cloning from an attacker-controlled serverEPSS 0.3%

← anteriorpágina 2 / 2próxima →

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →