VDB

GO-2025-3390

GO-2025-3390 PUBLISHED

Git LFS permits exfiltration of credentials via crafted HTTP URLs in github.com/git-lfs/git-lfs

Affected Products

VendorProductVersions
github.comgit-lfs/git-lfs/v33.0.0, 3.0.0
github.comgit-lfs/git-lfs0.1.0, 0.1.0

Timeline

  • Jan 15, 2025 CVE Published
  • Mar 3, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›