CNNVD-202510-2487 Information
CNNVD ID
CNNVD-202510-2487
Related CVE
-
CNNVD Published: 2025-10-17
Description (Chinese)
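Git LFS is a command-line tool from the Git LFS team for handling large files in git projects. Git LFS versions 0.5.2 through 3.7.0 contain a link following vulnerability, which stems from symbolic links not being checked and may lead to writes to arbitrary file system locations.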
Description (English)
Git LFS is a command-line tool, developed by the Git LFS team, for handling large files in Git projects. Git LFS versions 0.5.2 to 3.7.0 contain a link following vulnerability that originates from unchecked symbolic links and may lead to writing to arbitrary file system locations.
Hazard Level
High
Vulnerability Type
Link Following
Affected Vendor
Git Lfs
Published
2025-10-17
Last Modified
2026-02-24
References
https://github.com/git-lfs/git-lfs/releases/tag/v3.7.1
https://github.com/git-lfs/git-lfs/security/advisories/GHSA-6pvw-g552-53c5
https://github.com/git-lfs/git-lfs/commit/5c11ffce9a4f095ff356bc781e2a031abb46c1a8
https://github.com/git-lfs/git-lfs/commit/0cffe93176b870055c9dadbb3cc9a4a440e98396
https://github.com/git-lfs/git-lfs/commit/d02bd13f02ef76f6807581cd6b34709069cb3615
https://vigilance.fr/vulnerability/Git-LFS-directory-traversal-via-Symbolic-Hard-Links-48606
Patch
https://github.com/git-lfs/git-lfs/releases