FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

soft-serve -- Remote code execution vulnerability

Affected packages
soft-serve < 0.7.5

Details

VuXML ID: 8c342a6c-563f-11ef-a77e-901b0e9408dc
Discovery: 2024-08-01
Entry: 2024-08-09

soft-serve team reports:

Arbitrary code execution by crafting git ssh requests

It is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git.

References

CVE Name: CVE-2024-41956
URL: https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-m445-w3xr-vp2f