Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID present in the context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is not explicitly stated, but it is likely related to the mentioned CVE. The...

Git Submodules Directory Traversal (CVE-2018-11235)

A directory traversal vulnerability exists in the Git client. The vulnerability is due to insufficient validation of submodule names in the .gitmodules file during checkout. Successful exploitation of this vulnerability could enable the attacker to execute arbitrary scripts on the target system...

Scientific Linux Security Update : git on SL6.x i386/x86_64 (20200203)

Security Fixes : - git: arbitrary code execution via .gitmodules CVE-2018-17456 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid133447; scriptversion"1.4"; scriptsetattributeattribute:"pluginmodificationdate",...

RHEL 6 : git (RHSA-2020:0316)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0316 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-serve...

git: arbitrary code execution via .gitmodules

An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine...

Important: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

git security update

1.7.1-10 - fixes arbitrary code execution via .gitmodules Resolves: CVE-2018-17456...

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2018-1388)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2018-1377)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ALPINE-CVE-2019-19604

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository...

Design/Logic Flaw

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository...

CVE-2019-19604

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository...

CVE-2019-19604

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository...

NewStart CGSL CORE 5.04 / MAIN 5.04 : git Vulnerability (NS-SA-2019-0027)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has git packages installed that are affected by a vulnerability: - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafte...

EulerOS Virtualization for ARM 64 3.0.1.0 : git (EulerOS-SA-2019-1385)

According to the versions of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote...

EulerOS 2.0 SP5 : git (EulerOS-SA-2019-1291)

According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - git: arbitrary code execution via .gitmodules CVE-2018-17456 Note that Tenable Network Security has extracted the preceding description block directly...

SUSE-SU-2018:4088-2 Security update for git

This update for git fixes the following issue: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. boo1110949...

Atlassian SourceTree 0.5a < 3.0.17 Multiple remote code execution vulnerabilities

The version of Atlassian SourceTree installed on the remote Windows host is version 0.5a prior to 3.0.17. It is, therefore, affected by multiple remote code execution vulnerabilities. - An option injection vulnerability exists in the git submodule component. An unauthenticated, remote attacker ca...

Remote Code Execution (RCE)

github.com/src-d/go-git is vulnerable to remote code execution RCE attacks. A malicious user can pass a .gitmodules file to the application to cause arbitrary code to be executed on a target machine that runs the git clone --recurse-submodules command. This is related to CVE-2018-11235...

Remote Code Execution (RCE)

rh-git29-git is vulnerable to remote code execution RCE attacks. The vulnerability exists as a malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a U...