VYPR

Git LFS

by Git LFS

CVEs (4)

  • CVE-2025-26625 | High | Oct 17, 2025
    risk 0.49 | cvss | epss 0.01

    Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if…

  • CVE-2024-53263 | High | Jan 14, 2025
    risk 0.48 | cvss | epss 0.01

    Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any…

  • CVE-2022-24826 | Apr 19, 2022
    risk 0.00 | cvss | epss 0.02

    On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems.…

  • CVE-2021-21237 | Jan 15, 2021
    risk 0.00 | cvss | epss 0.00

    Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does…