rpm package
almalinux/perl-Git-SVN
pkg:rpm/almalinux/perl-Git-SVN
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-46835 | High | 8.5 | | < 2.47.3-1.el9_6 | 2.47.3-1.el9_6 | Jul 10, 2025 | Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user ha |
| CVE-2025-27614 | High | 8.6 | | < 2.47.3-1.el9_6 | 2.47.3-1.el9_6 | Jul 10, 2025 | Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the at |
| CVE-2025-27613 | Low | 3.6 | | < 2.47.3-1.el9_6 | 2.47.3-1.el9_6 | Jul 10, 2025 | Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must ha |
| CVE-2025-48385 | High | — | | < 2.47.3-1.el9_6 | 2.47.3-1.el9_6 | Jul 8, 2025 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows th |
| CVE-2025-48384 | — | — | KEV | < 2.47.3-1.el9_6 | 2.47.3-1.el9_6 | Jul 8, 2025 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config |
| CVE-2024-52005 | — | — | | < 2.47.1-2.el9_6 | 2.47.1-2.el9_6 | Jan 15, 2025 | Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed d |
| CVE-2024-50349 | — | — | | < 2.47.3-1.el9_6 | 2.47.3-1.el9_6 | Jan 14, 2025 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the |
| CVE-2024-52006 | — | — | | < 2.47.3-1.el9_6 | 2.47.3-1.el9_6 | Jan 14, 2025 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. So |
| CVE-2024-32465 | — | — | | < 2.43.5-1.el9_4 | 2.43.5-1.el9_4 | May 14, 2024 | Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repo |
| CVE-2024-32021 | — | — | | < 2.43.5-1.el9_4 | 2.43.5-1.el9_4 | May 14, 2024 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as th |
| CVE-2024-32020 | — | — | | < 2.43.5-1.el9_4 | 2.43.5-1.el9_4 | May 14, 2024 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source reposito |
| CVE-2024-32004 | — | — | | < 2.43.5-1.el9_4 | 2.43.5-1.el9_4 | May 14, 2024 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2 |
| CVE-2024-32002 | — | — | | < 2.43.5-1.el9_4 | 2.43.5-1.el9_4 | May 14, 2024 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a |
| CVE-2023-29007 | — | — | | < 2.39.3-1.el9_2 | 2.39.3-1.el9_2 | Apr 25, 2023 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c:: |
| CVE-2023-25815 | — | — | | < 2.39.3-1.el9_2 | 2.39.3-1.el9_2 | Apr 25, 2023 | In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's impli |
| CVE-2023-25652 | — | — | | < 2.39.3-1.el9_2 | 2.39.3-1.el9_2 | Apr 25, 2023 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled |
| CVE-2023-23946 | — | — | | < 2.39.3-1.el9_2 | 2.39.3-1.el9_2 | Feb 14, 2023 | Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is r |
| CVE-2023-22490 | — | — | | < 2.39.3-1.el9_2 | 2.39.3-1.el9_2 | Feb 14, 2023 | Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Gi |
| CVE-2022-23521 | — | — | | < 2.31.1-3.el8_7 | 2.31.1-3.el8_7 | Jan 17, 2023 | Git is a distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for p |
| CVE-2022-41903 | — | — | | < 2.31.1-3.el8_7 | 2.31.1-3.el8_7 | Jan 17, 2023 | Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer ove |
Page 1 of 2