Skip to main content

Git Large File Storage

4 CVEs product

Monthly

CVE-2022-24826 Go HIGH PATCH This Week

On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Git Large File Storage
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-21237 Go HIGH PATCH This Week

Git LFS is a command line extension for managing large files with Git. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Git Large File Storage
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27955 Go CRITICAL POC PATCH THREAT Emergency

Git LFS 2.12.0 allows Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Git Large File Storage
NVD GitHub
CVSS 3.1
9.8
EPSS
82.7%
CVE-2017-17831 Go HIGH POC PATCH This Week

GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Git Large File Storage
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
EPSS 2% CVSS 7.8
HIGH PATCH This Week

On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Git Large File Storage
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Git LFS is a command line extension for managing large files with Git. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Git Large File Storage
NVD GitHub
EPSS 83% CVSS 9.8
CRITICAL POC PATCH THREAT Emergency

Git LFS 2.12.0 allows Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Git Large File Storage
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Git Large File Storage
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy