VDB

GCVE-VVD-MAGEIA-2020-181

GCVE-VVD-MAGEIA-2020-181
Advisory Published
Vulnetix · Advisory published August 18, 2020
Updated git packages fix security vulnerability: Malicious URLs can still cause Git to send a stored credential to the wrong server (CvE-2020-111008). With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted. Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the credentials are not for a host of the attacker's choosing; instead, they are for some unspecified host (based on how the configured credential helper handles an absent "host" parameter). The attack has been made impossible by refusing to work with under-specified credential patterns.
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiavlc0 (affected), 3.0.11.1-1.mga7 (unaffected), 0 (affected), 3.0.11.1-1.mga7.tainted (unaffected)
Mageiagit0 (affected), 2.21.3-1.mga7 (unaffected), 0 (affected), 2.21.3-1.mga7 (unaffected)

References

Updated git packages fix security vulnerability
advisory
Updated git packages fix security vulnerability
issue
Updated git packages fix security vulnerability
issue
Updated git packages fix security vulnerability
issue
Updated vlc packages fix various bugs and add enhancements
advisory
Updated vlc packages fix various bugs and add enhancements
issue
Updated vlc packages fix various bugs and add enhancements
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›