CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
62.1%
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.
Security Fix(es):
golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)
golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 8 | x86_64 | git-lfs-debuginfo | < 2.13.3-3.el8_6 | git-lfs-debuginfo-2.13.3-3.el8_6.x86_64.rpm |
RedHat | 8 | ppc64le | git-lfs-debugsource | < 2.13.3-3.el8_6 | git-lfs-debugsource-2.13.3-3.el8_6.ppc64le.rpm |
RedHat | 8 | s390x | git-lfs-debugsource | < 2.13.3-3.el8_6 | git-lfs-debugsource-2.13.3-3.el8_6.s390x.rpm |
RedHat | 8 | aarch64 | git-lfs-debugsource | < 2.13.3-3.el8_6 | git-lfs-debugsource-2.13.3-3.el8_6.aarch64.rpm |
RedHat | 8 | x86_64 | git-lfs-debugsource | < 2.13.3-3.el8_6 | git-lfs-debugsource-2.13.3-3.el8_6.x86_64.rpm |
RedHat | 8 | x86_64 | git-lfs | < 2.13.3-3.el8_6 | git-lfs-2.13.3-3.el8_6.x86_64.rpm |
RedHat | 8 | s390x | git-lfs | < 2.13.3-3.el8_6 | git-lfs-2.13.3-3.el8_6.s390x.rpm |
RedHat | 8 | aarch64 | git-lfs-debuginfo | < 2.13.3-3.el8_6 | git-lfs-debuginfo-2.13.3-3.el8_6.aarch64.rpm |
RedHat | 8 | aarch64 | git-lfs | < 2.13.3-3.el8_6 | git-lfs-2.13.3-3.el8_6.aarch64.rpm |
RedHat | 8 | s390x | git-lfs-debuginfo | < 2.13.3-3.el8_6 | git-lfs-debuginfo-2.13.3-3.el8_6.s390x.rpm |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
62.1%