Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Soft Serve allows arbitrary code execution by crafting git-lfs requests
Vulnerability Description
Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is that Soft Serve passes all environment variables given by the client to git subprocesses. This includes environment variables that control program execution, such as LD_PRELOAD. This vulnerability is fixed in 0.7.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Soft Serve 安全漏洞
Vulnerability Description
Soft Serve是Charm开源的一个可自托管的命令行 Git 服务器。 Soft Serve 0.7.5之前版本存在安全漏洞,该漏洞源于环境变量的不当处理。用户可以在提交文件时通过环境操纵和Git执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A