git-annex Project git-annex

CPE Details

git-annex Project git-annex
git-annex_project
git-annex
-
2020-02-10
13h42 +00:00
2020-02-10
13h42 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:git-annex_project:git-annex:-:*:*:*:*:*:*:*

Informations

Vendor

git-annex_project

Product

git-annex

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-10857 2018-07-16 18h00 +00:00 git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.
7.5
High
CVE-2018-10859 2018-07-16 16h00 +00:00 git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex
7.5
High
CVE-2017-12976 2017-08-20 18h00 +00:00 git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.
8.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.