Lucene search
K

132 matches found

Exploit DB
Exploit DB
added 2018/10/05 12:0 a.m.114 views

Git Submodule - Arbitrary Code Execution (PoC)

These releases fix a security flaw CVE-2018-17456, which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules. When running "git clone --recurse-submodules", Git parses the supplied .gitmodules file for a URL field an...

9.8CVSS7AI score0.97356EPSS
Exploits12
OPENSUSE Linux
OPENSUSE Linux
added 2018/08/25 12:7 a.m.142 views

Security update for libgit2 (important)

This update for libgit2 to version 0.26.5 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to cause...

6.8CVSS2.5AI score0.49188EPSS
Exploits11References4
OSV
OSV
added 2018/08/15 8:3 p.m.20 views

GHSA-8GG6-3R63-25M8 git-fastclone permits arbitrary shell command execution from .gitmodules

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

8.8CVSS8.7AI score0.05198EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2018/08/15 8:3 p.m.32 views

git-fastclone permits arbitrary shell command execution from .gitmodules

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

9.3CVSS8.4AI score0.05198EPSS
Exploits1References6Affected Software1
RedHat Linux
RedHat Linux
added 2018/07/10 8:36 a.m.19 views

git: arbitrary code execution when recursively cloning a malicious repository

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

7.8CVSS8.1AI score0.49188EPSS
Exploits10References5
Veracode
Veracode
added 2018/06/07 4:52 a.m.32 views

Remote Code Execution (RCE)

github.com/src-d/go-git is vulnerable to remote code execution RCE attacks. A malicious user can pass a .gitmodules file to the application to cause arbitrary code to be executed on a target machine that runs the git clone --recurse-submodules command. This is related to CVE-2018-11235...

7.8CVSS8.1AI score0.49188EPSS
Exploits10References13Affected Software1
OSV
OSV
added 2018/05/30 4:29 a.m.29 views

CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

7.8CVSS8.2AI score
Exploits0References11
NVD
NVD
added 2018/05/30 4:29 a.m.28 views

CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

7.8CVSS8.1AI score0.49188EPSS
Exploits10References11
OSV
OSV
added 2018/05/30 4:29 a.m.4 views

ALPINE-CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

7.8CVSS8.3AI score0.49188EPSS
Exploits10References1
Debian CVE
Debian CVE
added 2018/05/30 4:0 a.m.41 views

CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

7.8CVSS8.4AI score0.49188EPSS
Exploits10
AlpineLinux
AlpineLinux
added 2018/05/30 4:0 a.m.40 views

CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

7.8CVSS8.4AI score0.49188EPSS
Exploits10
RedhatCVE
RedhatCVE
added 2018/05/30 12:49 a.m.35 views

CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

8.8CVSS2.2AI score0.49188EPSS
Exploits10References2
Tenable Nessus
Tenable Nessus
added 2018/05/30 12:0 a.m.36 views

Debian DSA-4212-1 : git - security update

Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file. C Tenable Network Security, Inc. The descriptive text and package checks in...

7.8CVSS7.8AI score0.49188EPSS
Exploits10References5
CNVD
CNVD
added 2018/05/30 12:0 a.m.3 views

Git Arbitrary Code Execution Vulnerability (CNVD-2018-10794)

Git is a free and open source distributed version control system designed to handle small to large projects with speed and efficiency. An arbitrary code execution vulnerability exists in Git due to the software's failure to properly validate submodule "names" provided via untrusted .gitmodules...

7.8CVSS8.3AI score0.49188EPSS
Exploits10References1
UbuntuCve
UbuntuCve
added 2018/05/30 12:0 a.m.54 views

CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

7.8CVSS7.7AI score0.49188EPSS
Exploits10References3
Debian
Debian
added 2018/05/29 8:44 p.m.30 views

[SECURITY] [DSA 4212-1] git security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4212-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 29, 2018 https://www.debian.org/security/faq -...

7.8CVSS8.1AI score0.49188EPSS
Exploits10
FreeBSD
FreeBSD
added 2018/05/29 12:0 a.m.39 views

Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235)

The Git community reports: In affected versions of Git, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. In affected versions of Git, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machin...

7.8CVSS3.2AI score0.49188EPSS
Exploits10References2
Prion
Prion
added 2017/10/05 1:29 a.m.29 views

Security feature bypass

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim...

6.8CVSS7.7AI score0.77823EPSS
Exploits9References12Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/08/15 12:0 a.m.143 views

Git for Windows 2.7.x < 2.7.6 / 2.8.x < 2.8.6 / 2.9.x < 2.9.5 / 2.10.x < 2.10.4 / 2.11.x < 2.11.13 / 2.12.x < 2.12.4 / 2.13.x < 2.13.5 / 2.14.x < 2.14.1 Malicious SSH URL Command Execution

The version of Git for Windows installed on the remote host is version 2.7.x prior to 2.7.6, 2.8.x prior to 2.8.6, 2.9.x prior to 2.9.5, 2.10.x prior to 2.10.4, 2.11.x prior to 2.11.13, 2.12.x prior to 2.12.4, 2.13.x prior to 2.13.5, or 2.14.x prior to 2.14.1. It is, therefore, affected by a...

8.8CVSS7.1AI score0.77823EPSS
Exploits9References11
Tenable Nessus
Tenable Nessus
added 2017/08/14 12:0 a.m.33 views

Fedora 25 : git (2017-8ba7572cfd)

Resolve an arbitrary code execution vulnerability via crafted 'ssh://' URL CVE-2017-1000117. From the release announcement : A malicious third-party can give a crafted 'ssh://...' URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's...

8.8CVSS7.5AI score0.77823EPSS
Exploits9References2
Rows per page
Query Builder