Search CVE reports
1 – 5 of 5 results
Some fixes available 3 of 5
A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server.
1 affected package
pagure
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pagure | Fixed | Fixed | Fixed | — |
Some fixes available 3 of 5
A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo.
1 affected package
pagure
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pagure | Fixed | Fixed | Fixed | — |
Some fixes available 2 of 4
A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance.
1 affected package
pagure
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pagure | Fixed | Fixed | Not affected | — |
Some fixes available 3 of 5
A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of the Pagure instance.
1 affected package
pagure
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pagure | Fixed | Fixed | Fixed | — |
Pagure before 5.6 allows XSS via the templates/blame.html blame view.
1 affected package
pagure
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pagure | — | — | Not affected | Not in release |