vulnerability
FreeBSD: VID-8C342A6C-563F-11EF-A77E-901B0E9408DC (CVE-2024-41956): soft-serve -- Remote code execution vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:N) | 08/01/2024 | 08/09/2024 | 02/18/2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:N)
Published
08/01/2024
Added
08/09/2024
Modified
02/18/2025
Description
Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is that Soft Serve passes all environment variables given by the client to git subprocesses. This includes environment variables that control program execution, such as LD_PRELOAD. This vulnerability is fixed in 0.7.5.
Solution
freebsd-upgrade-package-soft-serve
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.