CVE-2017-1000117

🗓️ 04 Oct 2017 01:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 303 Views🌐 WEB

Malicious URL in ssh can execute programs on victim's machine via git clone command.

Reporter	Title	Published	Views	Family All 156
0day.today	Malicious GIT HTTP Server Exploit	31 Aug 201700:00	–	zdt
0day.today	Git <= 2.7.5 - Command Injection (Metasploit) Exploit	31 Aug 201700:00	–	zdt
0day.today	SourceTree Remote Code Execution Exploit	7 Sep 201700:00	–	zdt
Gitee	Exploit for Open Redirect in Git-Scm Git	10 Nov 202216:04	–	gitee
Gitee	Exploit for Open Redirect in Git-Scm Git	14 Aug 201713:36	–	gitee
Gitee	Exploit for Improper Encoding or Escaping of Output in F5 Nginx	15 Aug 202123:58	–	gitee
IBM Security Bulletins	Security Bulletin: Vulnerabilities in git affect PowerKVM	18 Jun 201801:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private	20 Jul 201818:56	–	ibm
ATTACKERKB	CVE-2017-17459	7 Dec 201718:29	–	attackerkb
Amazon	Important: git	31 Aug 201700:00	–	amazon

NVD

Node

git-scm gitRange≤2.7.5

OR

git-scm gitMatch2.8.0

OR

git-scm gitMatch2.8.0rc0

OR

git-scm gitMatch2.8.0rc1

OR

git-scm gitMatch2.8.0rc2

OR

git-scm gitMatch2.8.0rc3

OR

git-scm gitMatch2.8.1

OR

git-scm gitMatch2.8.2

OR

git-scm gitMatch2.8.3

OR

git-scm gitMatch2.8.4

OR

git-scm gitMatch2.8.5

OR

git-scm gitMatch2.9.0

OR

git-scm gitMatch2.9.0rc0

OR

git-scm gitMatch2.9.0rc1

OR

git-scm gitMatch2.9.0rc2

OR

git-scm gitMatch2.9.1

OR

git-scm gitMatch2.9.2

OR

git-scm gitMatch2.9.3

OR

git-scm gitMatch2.9.4

OR

git-scm gitMatch2.10.0

OR

git-scm gitMatch2.10.0rc0

OR

git-scm gitMatch2.10.0rc1

OR

git-scm gitMatch2.10.0rc2

OR

git-scm gitMatch2.10.1

OR

git-scm gitMatch2.10.2

OR

git-scm gitMatch2.10.3

OR

git-scm gitMatch2.11.0

OR

git-scm gitMatch2.11.0rc0

OR

git-scm gitMatch2.11.0rc1

OR

git-scm gitMatch2.11.0rc2

OR

git-scm gitMatch2.11.0rc3

OR

git-scm gitMatch2.11.1

OR

git-scm gitMatch2.11.2

OR

git-scm gitMatch2.12.0

OR

git-scm gitMatch2.12.0rc0

OR

git-scm gitMatch2.12.0rc1

OR

git-scm gitMatch2.12.0rc2

OR

git-scm gitMatch2.12.1

OR

git-scm gitMatch2.12.2

OR

git-scm gitMatch2.12.3

OR

git-scm gitMatch2.13.0

OR

git-scm gitMatch2.13.0rc0

OR

git-scm gitMatch2.13.0rc1

OR

git-scm gitMatch2.13.0rc2

OR

git-scm gitMatch2.13.1

OR

git-scm gitMatch2.13.2

OR

git-scm gitMatch2.13.3

OR

git-scm gitMatch2.13.4

OR

git-scm gitMatch2.14.0

OR

git-scm gitMatch2.14.0rc0

OR

git-scm gitMatch2.14.0rc1

Source	Link
security	www.security.gentoo.org/glsa/201709-10
access	www.access.redhat.com/errata/RHSA-2017:2675
access	www.access.redhat.com/errata/RHSA-2017:2484
mail-archive	www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1466490.html
securityfocus	www.securityfocus.com/bid/100283
access	www.access.redhat.com/errata/RHSA-2017:2674
access	www.access.redhat.com/errata/RHSA-2017:2485
exploit-db	www.exploit-db.com/exploits/42599/
support	www.support.apple.com/HT208103
securitytracker	www.securitytracker.com/id/1039131

Parameter	Position	Path	Description	CWE
url	path	/.gitmodules	CVE-2017-1000117: Git allows a crafted ssh:// URL in a submodule to execute arbitrary commands when submodules are initialized.	CWE-601
path	path	/.gitmodules	CVE-2017-1000117: Git allows a crafted ssh:// URL in a submodule to execute arbitrary commands when submodules are initialized.	CWE-601
ssh://-oProxyCommand=payload_cmd	path	/.gitmodules	CVE-2017-1000117: Git allows a crafted ssh:// URL in a submodule to execute arbitrary commands when submodules are initialized.	CWE-601

17 Jun 2026 00:58Current

7.9High risk

Vulners AI Score7.9

CVSS 26.8

CVSS 38.8

EPSS0.77823

cve-2017-1000117 malicious third-party ssh url victim execution git clone command.