In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs “git clone --recurse-submodules” because submodule “names” are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with “…/” in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.

References

lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html

www.securityfocus.com/bid/104345

www.securitytracker.com/id/1040991

access.redhat.com/errata/RHSA-2018:1957

access.redhat.com/errata/RHSA-2018:2147

blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/

marc.info/?l=git&m=152761328506724&w=2

security.gentoo.org/glsa/201805-13

usn.ubuntu.com/3671-1/

www.debian.org/security/2018/dsa-4212

www.exploit-db.com/exploits/44822/

nessus 42

alpinelinux 1

osv 4

openvas 37

fedora 15

prion 1

exploitdb 2

redhat 2

zdt 2

cve 1

nvd 1

debian 2

ibm 1

veracode 2

packetstorm 2

checkpoint_advisories 1

freebsd 2

redhatcve 1

debiancve 1

ubuntucve 1

centos 1

apple 2

gentoo 1

oraclelinux 1

amazon 2

photon 4

mageia 1

slackware 1

archlinux 1

exploitpack 1

threatpost 1

ubuntu 1

cloudfoundry 1

suse 4

nessus

CentOS 7 : git (CESA-2018:1957)

2018-06-25 00:00:00

Fedora 28 : libgit2 (2018-b10e54263a)

2019-01-03 00:00:00

NewStart CGSL CORE 5.04 / MAIN 5.04 : git Vulnerability (NS-SA-2019-0027)

2019-08-12 00:00:00

alpinelinux

CVE-2018-11235

2018-05-30 04:29:00

osv

CVE-2018-11235

2018-05-30 04:29:00

git - security update

2018-05-29 00:00:00

libgit2-1_1-1.1.1-1.2 on GA media

2024-06-15 00:00:00

openvas

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2018-1216)

2020-01-23 00:00:00

CentOS Update for emacs-git CESA-2018:1957 centos7

2018-06-23 00:00:00

Debian: Security Advisory (DSA-4212-1)

2018-05-28 00:00:00

fedora

[SECURITY] Fedora 27 Update: libgit2-0.26.4-1.fc27

2018-07-05 15:18:51

[SECURITY] Fedora 28 Update: libgit2-0.26.4-1.fc28

2018-07-05 18:39:01

[SECURITY] Fedora 28 Update: git-2.17.1-2.fc28

2018-06-01 12:06:15

prion

Directory traversal

2018-05-30 04:29:00

exploitdb

Git < 2.17.1 - Remote Code Execution

2018-06-01 00:00:00

Git Submodule - Arbitrary Code Execution

2018-10-16 00:00:00

redhat

(RHSA-2018:1957) Important: git security update

2018-06-20 22:09:22

(RHSA-2018:2147) Important: rh-git29-git security update

2018-07-10 08:08:55

zdt

Git < 2.17.1 - Remote Code Execution Exploit

2018-06-01 00:00:00

Sourcetree Remote Code Execution Exploit

2018-07-25 00:00:00

cve

CVE-2018-11235

2018-05-30 04:29:00

nvd

CVE-2018-11235

2018-05-30 04:29:00

debian

[SECURITY] [DSA 4212-1] git security update

2018-05-29 20:44:01

[SECURITY] [DSA 4212-1] git security update

2018-05-29 20:44:01

ibm

Security Bulletin: A vulnerability in git affects PowerKVM

2018-09-26 17:55:02

veracode

Remote Code Execution (RCE)

2019-01-15 09:24:01

Remote Code Execution (RCE)

2018-06-07 04:52:21

packetstorm

Git Remote Code Execution

2018-06-01 00:00:00

Git Submodule Arbitrary Code Execution

2018-10-17 00:00:00

checkpoint_advisories

Git Submodules Directory Traversal (CVE-2018-11235)

2020-02-25 00:00:00

freebsd

Libgit2 -- Fixing insufficient validation of submodule names

2018-05-29 00:00:00

Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235)

2018-05-29 00:00:00

redhatcve

CVE-2018-11235

2018-05-30 00:49:00

debiancve

CVE-2018-11235

2018-05-30 04:29:00

ubuntucve

CVE-2018-11235

2018-05-30 00:00:00

centos

emacs, git, gitk, gitweb, perl security update

2018-06-22 17:15:23

apple

About the security content of Xcode 9.4.1

2018-06-13 00:00:00

About the security content of Xcode 9.4.1 - Apple Support

2018-06-13 05:39:31

gentoo

Git: Multiple vulnerabilities

2018-05-30 00:00:00

oraclelinux

git security update

2018-06-20 00:00:00

amazon

Important: git

2018-06-08 18:31:00

Important: git

2018-06-07 23:44:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0145

2018-06-04 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0053

2018-06-04 00:00:00

Important Photon OS Security Update - PHSA-2018-0053

2018-06-04 00:00:00

mageia

Updated git packages fix security vulnerabilities

2018-06-03 14:02:21

slackware

[slackware-security] git

2018-06-01 21:57:46

archlinux

[ASA-201806-1] git: multiple issues

2018-06-01 00:00:00

exploitpack

Git Submodule - Arbitrary Code Execution

2018-10-16 00:00:00

threatpost

Bug In Git Opens Developer Systems Up to Attack

2018-05-30 20:12:47

ubuntu

Git vulnerabilities

2018-06-05 00:00:00

cloudfoundry

USN-3671-1: Git vulnerabilities | Cloud Foundry

2018-06-14 00:00:00

suse

Security update for git (important)

2018-06-06 03:06:59

Security update for libgit2 (important)

2018-08-25 00:07:49

Security update for libgit2 (moderate)

2018-10-27 00:24:13

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

8.2

Confidence

High

EPSS

0.015

Percentile

87.1%

JSON

Related for CVELIST:CVE-2018-11235