Lucene search
K

4 matches found

OSV
OSV
added 2017/12/21 6:29 a.m.5 views

UBUNTU-CVE-2017-17831

GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository...

8.8CVSS7.6AI score0.03677EPSS
Exploits1References5
CVE
CVE
added 2017/12/21 6:0 a.m.72 views

CVE-2017-17831

CVE-2017-17831 affects GitHub Git LFS prior to 2.1.1. A remote attacker can trigger arbitrary command execution by supplying an SSH URL whose hostname starts with the dash character, as parsed from a url = line in a repository’s .lfsconfig. This corresponds to a high-severity impact (CVSS v3.0: 8...

8.8CVSS8.9AI score0.03677EPSS
Exploits1References5Affected Software1
Atlassian
Atlassian
added 2017/12/21 5:4 a.m.88 views

Git LFS: Arbitrary command execution in repositories with Git LFS enabled - CVE-2017-17831

The embedded version of Git LFS|https://git-lfs.github.com used in Sourcetree for macOS was vulnerable to CVE-2017-17831. An attacker can exploit this issue if they can commit to a git repository linked in Sourcetree for macOS by adding a .lfsconfig file containing a malicious lfs url, allowing...

10CVSS9.3AI score0.06331EPSS
Exploits1Affected Software1
Atlassian
Atlassian
added 2017/12/21 5:4 a.m.48 views

Git LFS: Arbitrary command execution in repositories with Git LFS enabled - CVE-2017-17831

The embedded version of Git LFS|https://git-lfs.github.com used in Sourcetree for macOS was vulnerable to CVE-2017-17831. An attacker can exploit this issue if they can commit to a git repository linked in Sourcetree for macOS by adding a .lfsconfig file containing a malicious lfs url, allowing...

8.8CVSS9.3AI score0.03677EPSS
Exploits1
Rows per page
Query Builder