Primary

Context

Soft Serve Git Server ANSI Escape Sequence Injection Vulnerability

Vulnerability

Patched

A vulnerability exists in Soft Serve, a self-hostable Git server, in versions through 0.10.0. The issue arises from improper sanitization of user input, allowing the injection of ANSI escape sequences. This can be exploited to create misleading alerts. The vulnerability is present in several areas where users can input data, such as repository descriptions, project names, Git commit author names, commit messages, access token names, and webhook URLs.

Impact

Exploitation of this vulnerability could lead to the injection of ANSI escape sequences, allowing for the creation of fake alerts and potentially misleading users.

Remediation

Users can upgrade to Soft Serve version 0.11.0 to address this vulnerability.

Added: Nov 8, 2025, 2:19 AM

Updated: Nov 8, 2025, 2:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

3.7

remediation

7.7

relevance

1.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

3.7

remediation

7.7

relevance

1.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Soft Serve Git Server ANSI Escape Sequence Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

github.com/charmbracelet/soft-serve

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating