In eza
, there exists a potential heap overflow vulnerability, first seen when using Ubuntu for Raspberry Pi series system, on ubuntu-raspi
kernel, relating to the .git
directory.
The vulnerability seems to be triggered by the .git
directory in some projects. This issue may be related to specific files, and the directory structure also plays a role in triggering the vulnerability. Files/folders that may be involved in triggering the vulnerability include .git/HEAD
, .git/refs
, and .git/objects
.
As @polly pointed out to me, this is likely caused by GHSA-j2v7-4f6v-gpg8, which we do seem to use currently.
For more information check @CuB3y0nd's blogpost blog.
Arbitrary code execution.
{ "nvd_published_at": null, "cwe_ids": [], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-02-08T18:47:28Z" }