CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

Debian DSA-4212-1 : git - security update

Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file. C Tenable Network Security, Inc. The descriptive text and package checks in...

CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

Git Arbitrary Code Execution Vulnerability (CNVD-2018-10794)

Git is a free and open source distributed version control system designed to handle small to large projects with speed and efficiency. An arbitrary code execution vulnerability exists in Git due to the software's failure to properly validate submodule "names" provided via untrusted .gitmodules...

[SECURITY] [DSA 4212-1] git security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4212-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 29, 2018 https://www.debian.org/security/faq -...

Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235)

The Git community reports: In affected versions of Git, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. In affected versions of Git, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machin...

Security feature bypass

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim...

Git for Windows 2.7.x < 2.7.6 / 2.8.x < 2.8.6 / 2.9.x < 2.9.5 / 2.10.x < 2.10.4 / 2.11.x < 2.11.13 / 2.12.x < 2.12.4 / 2.13.x < 2.13.5 / 2.14.x < 2.14.1 Malicious SSH URL Command Execution

The version of Git for Windows installed on the remote host is version 2.7.x prior to 2.7.6, 2.8.x prior to 2.8.6, 2.9.x prior to 2.9.5, 2.10.x prior to 2.10.4, 2.11.x prior to 2.11.13, 2.12.x prior to 2.12.4, 2.13.x prior to 2.13.5, or 2.14.x prior to 2.14.1. It is, therefore, affected by a...

Fedora 25 : git (2017-8ba7572cfd)

Resolve an arbitrary code execution vulnerability via crafted 'ssh://' URL CVE-2017-1000117. From the release announcement : A malicious third-party can give a crafted 'ssh://...' URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's...

CVE-2017-1000117

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim...

git-fastclone Arbitrary Command Execution Vulnerability

git-fastclone is a set of tools for cloning git. An arbitrary command execution vulnerability exists in git-fastclone versions prior to 1.0.1, which stems from a program executing arbitrary shell commands from .gitmodules. The vulnerability can be exploited to execute arbitrary shell commands by...

CVE-2015-8968

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

Command injection

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

CVE-2015-8968

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

CVE-2015-8968

CVE-2015-8968 affects git-fastclone prior to 1.0.1, enabling arbitrary shell command execution via .gitmodules when cloning recursively or updating submodules. The exploit occurs through ext helper URLs (git-remote-ext) embedded in submodules, allowing command execution either over cloned repos o...

CVE-2015-7545

The 1 git-remote-ext and 2 unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a a .gitmodules file ...

Design/Logic Flaw

The 1 git-remote-ext and 2 unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a a .gitmodules file ...

CVE-2015-7545

The 1 git-remote-ext and 2 unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a a .gitmodules file ...

CVE-2015-7545

The CVE-2015-7545 issue affects Git’s remote helpers (notably git-remote-ext) and other remote helpers. Git prior to 2.3.10, 2.4.x prior to 2.4.10, 2.5.x prior to 2.5.4, and 2.6.x prior to 2.6.1 do not properly restrict allowed protocols, which could let remote attackers execute arbitrary code vi...

UBUNTU-CVE-2015-7545

The 1 git-remote-ext and 2 unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a a .gitmodules file ...