Git clients that support delay-capable clean / smudge filters and symbolic links on case-insensitive file systems are vulnerable to remote code execution while cloning a repository. Using clean / smudge filters through Git LFS together with a case-insensitive file system changes the checkout order of repository files, which enables the placement of a Git hook in the .git/hooks directory. By default, this Metasploit module writes a post-checkout script so that the payload is executed automatically upon checkout of the repository.
e98b3afb62859d7020a7dd7d9fa1db727066effb6fcaf6be5eb8fbff19874b9d
This Metasploit module exploits an arbitrary file write in Lucee Administrator's imgProcess.cfm file to execute commands as the Tomcat user.
b2e56cd428c174bc04f6acc23c21f34ae6d9df79b2c9d12ca9619993ff6fa4b9
Gentoo Linux Security Advisory 202104-1 - A vulnerability has been found in Git that could allow a remote attacker to execute arbitrary code. Versions less than 2.26.3 are affected.
501280a83ea3d468493a03bc6b8c2fd8cb7796e4399b355699ce16447e85a20b
Apple Security Advisory 2021-04-26-10 - Xcode 12.5 addresses an arbitrary code execution vulnerability.
39bca81a5aa62d2d72980d7d122769fc684d6c93ebeed0118673d5f8efea0142
Gentoo Linux Security Advisory 202103-2 - A vulnerability in Redis could lead to remote code execution. Versions less than 6.0.12 are affected.
0c57e716e17c05df9d7c490ffeca4fca4f648e2031e8a4f6ab255a0d9a8ad43f
Ubuntu Security Notice 4761-1 - Matheus Tavares discovered that Git incorrectly handled delay-capable clean/smudge filters when being used on case-insensitive filesystems. A remote attacker could possibly use this issue to execute arbitrary code.
2862a5d57fdf9124f9b200582cb31794ad9fc9721ccbe477d6d00f636c34fc81
Gentoo Linux Security Advisory 202101-15 - Multiple vulnerabilities have been found in VirtualBox, the worst of which could result in privilege escalation. Versions prior to 6.1.18 are affected.
5053623f21273f99393a766764d03e8ae442ebc46b5716edc0b44203cfe03c3f