216.73.217.176

CVE-2024-41956

· Published 01/08/2024 22:15 · Modified 01/08/2024 22:15

Labels: CVE-2024-41956 2024-08-01CVE-2024-41956CWE-78[email protected]

Essential information

Published
01/08/2024 22:15
Modified
01/08/2024 22:15
Author
Creator
CVSS
8.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS metrics

Description

Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is that Soft Serve passes all environment variables given by the client to git subprocesses. This includes environment variables that control program execution, such as LD_PRELOAD. This vulnerability is fixed in 0.7.5.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References