Vulnerability in Git-lfs
CVE-2024-53263
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control…
EPSS: 0.010 (59.7th percentile)
Affected products
- Git-lfs — versions >= 0.1.0, < 3.6.1
Weakness classification (CWE)
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2024-53263?
- CVE-2024-53263 is a vulnerability in Git-lfs, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). Published 2025-01-14.
- Is CVE-2024-53263 known to be exploited?
- 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.