CNNVD-202507-1034 Information
CNNVD ID
CNNVD-202507-1034
Related CVE
- CNNVD Published: 2025-07-08
Description (Chinese)
Git是Git开源的一套免费、开源的分布式版本控制系统。 Git存在参数注入漏洞,该漏洞源于当用户克隆不受信任的存储库并被诱骗编辑存储库中恶意命名目录中的文件时,Git GUI 可以创建并覆盖任何可写文件。
Description (English)
Git is a free, open source distributed version control system for Git open source. Git had a gap in parameters, which stemmed from the fact that Git GUI could create and overwhelm any writingable document when the user cloned untrustworthy repository and was lured into editing documents in a maliciously named directory in the repository.
Hazard Level
Medium
Vulnerability Type
参数注入
Affected Vendor
git-annex
Published
2025-07-08
Last Modified
2026-02-24
References
https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://vigilance.fr/vulnerability/Git-GUI-file-creation-via-Directory-Name-47665 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-46835