Lucene search

[email protected]NVD:CVE-2017-14867

HistorySep 29, 2017 - 1:34 a.m.

CVE-2017-14867

2017-09-2901:34:50

CWE-78

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.003

Percentile

70.3%

JSON

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.

Affected configurations

Nvd

Node

git-scmgitRange≤2.10.4

git-scmgitMatch2.11.0

git-scmgitMatch2.11.1

git-scmgitMatch2.11.2

git-scmgitMatch2.11.3

git-scmgitMatch2.12.0

git-scmgitMatch2.12.1

git-scmgitMatch2.12.2

git-scmgitMatch2.12.3

git-scmgitMatch2.12.4

git-scmgitMatch2.13.0

git-scmgitMatch2.13.1

git-scmgitMatch2.13.2

git-scmgitMatch2.13.3

git-scmgitMatch2.13.4

git-scmgitMatch2.13.5

git-scmgitMatch2.14.0

git-scmgitMatch2.14.1

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

VendorProductVersionCPE
git-scmgit*cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
git-scmgit2.11.0cpe:2.3:a:git-scm:git:2.11.0:*:*:*:*:*:*:*
git-scmgit2.11.1cpe:2.3:a:git-scm:git:2.11.1:*:*:*:*:*:*:*
git-scmgit2.11.2cpe:2.3:a:git-scm:git:2.11.2:*:*:*:*:*:*:*
git-scmgit2.11.3cpe:2.3:a:git-scm:git:2.11.3:*:*:*:*:*:*:*
git-scmgit2.12.0cpe:2.3:a:git-scm:git:2.12.0:*:*:*:*:*:*:*
git-scmgit2.12.1cpe:2.3:a:git-scm:git:2.12.1:*:*:*:*:*:*:*
git-scmgit2.12.2cpe:2.3:a:git-scm:git:2.12.2:*:*:*:*:*:*:*
git-scmgit2.12.3cpe:2.3:a:git-scm:git:2.12.3:*:*:*:*:*:*:*
git-scmgit2.12.4cpe:2.3:a:git-scm:git:2.12.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
git-scm	git	*	cpe:2.3:a:git-scm:git::::::::
git-scm	git	2.11.0	cpe:2.3:a:git-scm:git:2.11.0:::::::*
git-scm	git	2.11.1	cpe:2.3:a:git-scm:git:2.11.1:::::::*
git-scm	git	2.11.2	cpe:2.3:a:git-scm:git:2.11.2:::::::*
git-scm	git	2.11.3	cpe:2.3:a:git-scm:git:2.11.3:::::::*
git-scm	git	2.12.0	cpe:2.3:a:git-scm:git:2.12.0:::::::*
git-scm	git	2.12.1	cpe:2.3:a:git-scm:git:2.12.1:::::::*
git-scm	git	2.12.2	cpe:2.3:a:git-scm:git:2.12.2:::::::*
git-scm	git	2.12.3	cpe:2.3:a:git-scm:git:2.12.3:::::::*
git-scm	git	2.12.4	cpe:2.3:a:git-scm:git:2.12.4:::::::*