rpm package
opensuse/git-lfs&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/git-lfs&distro=openSUSE%20Leap%2015.6
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-46835 | Hig | 8.5 | < 3.7.0-150600.13.3.1 | 3.7.0-150600.13.3.1 | Jul 10, 2025 | Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user ha | |
| CVE-2025-27614 | Hig | 8.6 | < 3.7.0-150600.13.3.1 | 3.7.0-150600.13.3.1 | Jul 10, 2025 | Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the at | |
| CVE-2025-27613 | Low | 3.6 | < 3.7.0-150600.13.3.1 | 3.7.0-150600.13.3.1 | Jul 10, 2025 | Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must ha | |
| CVE-2025-48385 | Hig | — | < 3.7.0-150600.13.3.1 | 3.7.0-150600.13.3.1 | Jul 8, 2025 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows th | |
| CVE-2025-48384 | — | KEV | < 3.7.0-150600.13.3.1 | 3.7.0-150600.13.3.1 | Jul 8, 2025 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config | |
| CVE-2024-53263 | Hig | — | < 3.6.1-bp156.2.3.1 | 3.6.1-bp156.2.3.1 | Jan 14, 2025 | Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any credential |
- affected < 3.7.0-150600.13.3.1fixed 3.7.0-150600.13.3.1
Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user ha
- affected < 3.7.0-150600.13.3.1fixed 3.7.0-150600.13.3.1
Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the at
- affected < 3.7.0-150600.13.3.1fixed 3.7.0-150600.13.3.1
Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must ha
- affected < 3.7.0-150600.13.3.1fixed 3.7.0-150600.13.3.1
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows th
- affected < 3.7.0-150600.13.3.1fixed 3.7.0-150600.13.3.1
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config
- affected < 3.6.1-bp156.2.3.1fixed 3.6.1-bp156.2.3.1
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any credential