| CVE-2017-17831 |
high |
8.8 |
8.8 |
|
|
|
9y ago |
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within … |
| CVE-2025-26625 |
high |
— |
8.0 |
|
|
|
5mo ago |
Git LFS may write to arbitrary files via crafted symlinks |
| CVE-2024-53263 |
high |
— |
8.0 |
|
|
|
1y ago |
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without ch… |
| CVE-2021-21237 |
high |
— |
8.0 |
|
|
|
4y ago |
Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program … |
| CVE-2020-27955 |
unknown |
— |
1.0 |
|
|
|
4y ago |
Git LFS 2.12.0 allows Remote Code Execution. |
| CVE-2022-24826 |
unknown |
— |
— |
|
|
|
4y ago |
Git LFS can execute a binary from the current directory on Windows |
