Bitnami package
git-lfs
pkg:bitnami/git-lfs
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-26625 | High | — | | >= 0.5.2, < 3.7.1 | 3.7.1 | Oct 17, 2025 | Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbol |
| CVE-2024-53263 | High | — | | >= 0.1.0, < 3.6.1 | 3.6.1 | Jan 14, 2025 | Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any credential |
| CVE-2022-24826 | | — | | >= 2.12.1, < 3.1.3 | 3.1.3 | Apr 19, 2022 | On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. Simil |
| CVE-2021-21237 | | — | | < 2.13.2 | 2.13.2 | Jan 15, 2021 | Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does n |
| CVE-2020-27955 | | — | | >= 2.12.0, < 2.12.1 | 2.12.1 | Nov 5, 2020 | Git LFS 2.12.0 allows Remote Code Execution. |