Количество 12
Количество 12
CVE-2025-26625
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git LFS. The git lfs checkout and git lfs pull commands do not check for symbolic links before writing to files in the working tree, allowing an attacker to craft a repository containing symbolic or hard links that cause Git LFS to write to arbitrary file system locations accessible to the user running these commands. As well, when the git lfs checkout and git lfs pull commands are run in a bare repository, they could write to files visible outside the repository. The vulnerability is fixed in version 3.7.1. As a workaround, support for symlinks in Git may be disabled by setting the core.symlinks configuration option to false, after whic...
CVE-2025-26625
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git LFS. The git lfs checkout and git lfs pull commands do not check for symbolic links before writing to files in the working tree, allowing an attacker to craft a repository containing symbolic or hard links that cause Git LFS to write to arbitrary file system locations accessible to the user running these commands. As well, when the git lfs checkout and git lfs pull commands are run in a bare repository, they could write to files visible outside the repository. The vulnerability is fixed in version 3.7.1. As a workaround, support for symlinks in Git may be disabled by setting the core.symlinks configuration option to false, after which f
CVE-2025-26625
Git LFS is a Git extension for versioning large files. In Git LFS vers ...
RLSA-2025:23745
Important: git-lfs security update
RLSA-2025:23744
Important: git-lfs security update
RLSA-2025:23667
Important: git-lfs security update
GHSA-6pvw-g552-53c5
Git LFS may write to arbitrary files via crafted symlinks
ELSA-2025-23745
ELSA-2025-23745: git-lfs security update (IMPORTANT)
ELSA-2025-23744
ELSA-2025-23744: git-lfs security update (IMPORTANT)
ELSA-2025-23667
ELSA-2025-23667: git-lfs security update (IMPORTANT)
BDU:2025-13253
Уязвимость функций checkout() и pull() расширения Git для управления версиями больших файлов Git LFS, позволяющая нарушителю получить доступ на запись произвольных файлов
ROS-20251203-13
Уязвимость git-lfs
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-26625 Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git LFS. The git lfs checkout and git lfs pull commands do not check for symbolic links before writing to files in the working tree, allowing an attacker to craft a repository containing symbolic or hard links that cause Git LFS to write to arbitrary file system locations accessible to the user running these commands. As well, when the git lfs checkout and git lfs pull commands are run in a bare repository, they could write to files visible outside the repository. The vulnerability is fixed in version 3.7.1. As a workaround, support for symlinks in Git may be disabled by setting the core.symlinks configuration option to false, after whic... | 0% Низкий | 3 месяца назад | |
 | CVE-2025-26625 Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git LFS. The git lfs checkout and git lfs pull commands do not check for symbolic links before writing to files in the working tree, allowing an attacker to craft a repository containing symbolic or hard links that cause Git LFS to write to arbitrary file system locations accessible to the user running these commands. As well, when the git lfs checkout and git lfs pull commands are run in a bare repository, they could write to files visible outside the repository. The vulnerability is fixed in version 3.7.1. As a workaround, support for symlinks in Git may be disabled by setting the core.symlinks configuration option to false, after which f | 0% Низкий | 3 месяца назад | |
| CVE-2025-26625 Git LFS is a Git extension for versioning large files. In Git LFS vers ... | 0% Низкий | 3 месяца назад | |
 | RLSA-2025:23745 Important: git-lfs security update | 0% Низкий | 24 дня назад | |
| RLSA-2025:23744 Important: git-lfs security update | 0% Низкий | 24 дня назад | |
| RLSA-2025:23667 Important: git-lfs security update | 0% Низкий | 27 дней назад | |
| GHSA-6pvw-g552-53c5 Git LFS may write to arbitrary files via crafted symlinks | 0% Низкий | 3 месяца назад | |
| ELSA-2025-23745 ELSA-2025-23745: git-lfs security update (IMPORTANT) | 27 дней назад | ||
| ELSA-2025-23744 ELSA-2025-23744: git-lfs security update (IMPORTANT) | 27 дней назад | ||
| ELSA-2025-23667 ELSA-2025-23667: git-lfs security update (IMPORTANT) | 30 дней назад | ||
 | BDU:2025-13253 Уязвимость функций checkout() и pull() расширения Git для управления версиями больших файлов Git LFS, позволяющая нарушителю получить доступ на запись произвольных файлов | CVSS3: 8.1 | 0% Низкий | 3 месяца назад |
 | ROS-20251203-13 Уязвимость git-lfs | CVSS3: 8.1 | 0% Низкий | около 1 месяца назад |
Уязвимостей на страницу