Description

Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is that Soft Serve passes all environment variables given by the client to git subprocesses. This includes environment variables that control program execution, such as LD_PRELOAD. This vulnerability is fixed in 0.7.5.

INFO

Published Date :

2024-08-01T22:07:32.899Z

Last Modified :

2024-08-02T14:47:38.561Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-41956 vulnerability.

Vendors Products
Charmbracelet
  • Soft-serve
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-41956.

URL Resource
https://github.com/charmbracelet/soft-serve/commit/4daebdd422a6ba8c04162d023f8be355a8fe3184 cve-icon cve-icon
https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-m445-w3xr-vp2f cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact