CVE-2025-64522

Critical CVSS: 9.1

Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. Version 0.11.1 fixes the vulnerability.

Vendor

Charm

Product

Soft Serve

CWE

CWE-918

Yayın Tarihi

2025-11-10 23:15:41

Güncelleme

2025-12-31 17:54:07

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-918 Soft Serve CRITICAL Charm 2025

Referanslar

https://github.com/charmbracelet/soft-serve/commit/bb73b9a0eea0d902da4811420535842a4f9aae3b https://github.com/charmbracelet/soft-serve/releases/tag/v0.11.1 https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-vwq2-jx9q-9h9f https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-vwq2-jx9q-9h9f

Benzer Kayıtlar

High

CVE-2026-33353

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authoriza…

Critical

CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authentic…

High

CVE-2026-24058

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication…

Medium

CVE-2026-22253

Soft Serve is a self-hostable Git server for the command line. Prior to version 0.11.2, an authorization bypass in the L…

Medium

CVE-2025-22130

Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing…