Vulnerability in Git-lfs

CVE-2024-53263

Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control…

EPSS: 0.010 (59.7th percentile)

Affected products

  • Git-lfs — versions >= 0.1.0, < 3.6.1

Weakness classification (CWE)

  • Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-53263?
CVE-2024-53263 is a vulnerability in Git-lfs, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). Published 2025-01-14.
Is CVE-2024-53263 known to be exploited?
7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.