1. Aggregate Results
Table 1. Pillager pass rate across all attack categories. Higher is better. Best in bold.
2. Per-Test Matrix
Table 2. PASS / FAIL grid per (test × tool). Click a row for the attack description, CVE link, and captured evidence.
3. Disclosure Tracker
Per finding, we track the coordinated-disclosure state. Until a finding reaches disclosed, the upstream tool is shown as Tool A…F. The legend below maps the status terms.
Status legend
- confirmed — reproduced locally on the benchmark image
- reported — contacted upstream maintainer
- acknowledged — maintainer confirmed they are aware
- patched — fix landed upstream
- cve_assigned — CVE id issued
- disclosed — public advisory out; tool can be named
Table 3. Findings and their disclosure status, newest IDs last.
References
- justinsteven. Various abuses of
core.fsmonitorin a directory's.git/config. 2022. github.com/justinsteven/advisories - Driver Tom. 别想偷我源码:通用的针对源码泄露利用程序的反制. 2021. drivertom.blogspot.com
- Git CVE catalog. github.com/git/git/security/advisories