Количество 3
Количество 3
CVE-2024-41956
Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is that Soft Serve passes all environment variables given by the client to git subprocesses. This includes environment variables that control program execution, such as LD_PRELOAD. This vulnerability is fixed in 0.7.5.
GHSA-m445-w3xr-vp2f
soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests
BDU:2024-07087
Уязвимость Git-сервера Soft Serve, связанная с непринятием мер по нейтрализации специальных элементов, используемых в команде операционной системы, позволяющая нарушителю выполнить произвольный код
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-41956 Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is that Soft Serve passes all environment variables given by the client to git subprocesses. This includes environment variables that control program execution, such as LD_PRELOAD. This vulnerability is fixed in 0.7.5. | CVSS3: 8.1 | 0% Низкий | больше 1 года назад |
| GHSA-m445-w3xr-vp2f soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests | CVSS3: 8.1 | 0% Низкий | больше 1 года назад |
 | BDU:2024-07087 Уязвимость Git-сервера Soft Serve, связанная с непринятием мер по нейтрализации специальных элементов, используемых в команде операционной системы, позволяющая нарушителю выполнить произвольный код | CVSS3: 8.1 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу