
176 matches found

ArchLinux
added 2019/12/18 12:0 a.m., 46 views

[ASA-201912-5] libgit2: arbitrary code execution

Arch Linux Security Advisory ASA-201912-5. Severity: High. Date: 2019-12-18. CVE-ID: CVE-2019-1348 CVE-2019-1349 CVE-2019-1352 CVE-2019-1387. Package: libgit2. Type: arbitrary code execution. Remote: Yes. Link: https://security.archlinux.org/AVG-1075 Summa...

9.3 CVSS, 1.4 AI score, 0.19687 EPSS
Exploits: 0, References: 10
Tenable Nessus
added 2019/12/17 12:0 a.m., 43 views

SUSE SLES12 Security Update : git (SUSE-SU-2019:3311-1)

This update for git fixes the following issues : Security issues fixed : CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice bsc1158787. CVE-2019-19604: Fixed a recursive clone...

9.8 CVSS, 8.1 AI score, 0.2462 EPSS
Exploits: 1, References: 29
Gitee
added 2019/10/19 9:4 a.m., 2 views

metasploit-framework

This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is designed to target a vulnerability in a specific product or service, but the exact target is not specified in the provided context. The module is likely intended to be used by penetration testers and...

7.3 AI score
Exploits: 0
Atlassian
added 2019/01/23 10:56 p.m., 44 views

Input validation vulnerability via Git in Sourcetree for Windows - CVE-2018-17456

There was an input validation vulnerability in Sourcetree for Windows via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. h4. Affected...

9.8 CVSS, 4.6 AI score, 0.59226 EPSS
Exploits: 12, Affected Software: 1
Veracode
added 2019/01/15 9:8 a.m., 24 views

Arbitrary Shell Command Execution

Git-fastclone has a flaw that permits execution of arbitrary shell commands from .gitmodules. Attackers can trigger the execution by instructing a user to run a recursive clone from a repository they control. The attack is possible only if a user configures Git to automatically clone submodules...

9.8 CVSS, 9.3 AI score, 0.31254 EPSS
Exploits: 0, References: 3, Affected Software: 1
Tenable Nessus
added 2019/01/03 12:0 a.m., 29 views

Fedora 28 : git (2018-1c1a318a0b)

Upstream security update resolving an issue with git clone --recurse-submodules. From the upstream release announcement : These releases fix a security flaw CVE-2018-17456, which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with...

9.8 CVSS, 7.5 AI score, 0.59226 EPSS
Exploits: 12, References: 2
RedHat Linux
added 2018/11/13 2:41 a.m., 3 views

git: arbitrary code execution via .gitmodules

An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine...

9.8 CVSS, 7.5 AI score, 0.59226 EPSS
Exploits: 12, References: 4
RedHat Linux
added 2018/10/30 5:8 p.m., 2 views

git: arbitrary code execution via .gitmodules

An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine...

9.8 CVSS, 7.5 AI score, 0.59226 EPSS
Exploits: 12, References: 4
Tenable Nessus
added 2018/10/22 12:0 a.m., 24 views

Fedora 27 : git (2018-d5139c4fd6)

Upstream security update resolving an issue with git clone --recurse-submodules. From the upstream release announcement : These releases fix a security flaw CVE-2018-17456, which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with...

9.8 CVSS, 7.5 AI score, 0.59226 EPSS
Exploits: 12, References: 2
Mageia
added 2018/10/14 12:58 a.m., 32 views

Updated git packages fix security vulnerability

joernchen of Phenoelit discovered that git is prone to an arbitrary code execution vulnerability due to insufficient validation of submodule url and path via a specially crafted .gitmodules file in a project cloned with --recurse-submodules CVE-2018-17456...

9.8 CVSS, 3.3 AI score, 0.59226 EPSS
Exploits: 12, References: 1
Slackware Linux
added 2018/10/11 12:35 a.m., 77 views

[slackware-security] git

New git packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/git-2.14.5-i586-1slack14.2.txz: Upgraded. This update fixes a security issue: Submodules' "URL"s come from the untrusted...

9.8 CVSS, 0.1 AI score, 0.59226 EPSS
Exploits: 12
Kitploit
added 2018/08/30 9:17 p.m., 52 views

Darling - Darwin/macOS Emulation Layer For Linux

Darling is a runtime environment for OS X applications. Please note that no GUI applications are supported at the moment. Download Darling uses many Git submodules, so a plain clone will not do. git clone --recurse-submodules https://github.com/darlinghq/darling.git Updating sources: git pull git...

7.1 AI score
Exploits: 0, References: 1
OSV
added 2018/08/15 8:3 p.m., 20 views

GHSA-8GG6-3R63-25M8 git-fastclone permits arbitrary shell command execution from .gitmodules

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

8.8 CVSS, 8.7 AI score, 0.02844 EPSS
Exploits: 1, References: 6
RedHat Linux
added 2018/06/21 5:8 p.m., 4 views

git: arbitrary code execution when recursively cloning a malicious repository

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

7.8 CVSS, 8.1 AI score, 0.4172 EPSS
Exploits: 10, References: 5
Ubuntu
added 2018/06/05 10:53 p.m., 66 views

USN-3671-1: Git vulnerabilities

Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when "git clone --recurse-submodules" is used. CVE-2018-11235 It was discovered that an integer overflow existed ...

7.8 CVSS, 8.2 AI score, 0.4172 EPSS
Exploits: 10
OSV
added 2018/06/05 10:53 p.m., 4 views

USN-3671-1 git vulnerabilities

Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when "git clone --recurse-submodules" is used. CVE-2018-11235 It was discovered that an integer overflow existed ...

7.8 CVSS, 7.8 AI score, 0.4172 EPSS
Exploits: 10, References: 3
OpenVAS
added 2018/05/31 12:0 a.m., 46 views

Git 2.13.x, 2.14.x, 2.15.x, 2.16.x, 2.17.x Multiple Vulnerabilities - Windows

Git is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.113205...

7.8 CVSS, 8.1 AI score, 0.4172 EPSS
Exploits: 10, References: 3
GithubExploit
added 2018/05/30 10:56 p.m., 6 views

Exploit for Path Traversal in Debian Debian_Linux

PoC exploit for CVE-2018-11235 ============================== G...

7.8 CVSS, 7.2 AI score, 0.4172 EPSS
Exploits: 10
NVD
added 2018/05/30 4:29 a.m., 26 views

CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

7.8 CVSS, 8.1 AI score, 0.4172 EPSS
Exploits: 10, References: 11
UbuntuCve
added 2018/05/30 12:0 a.m., 42 views

CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

7.8 CVSS, 7.7 AI score, 0.4172 EPSS
Exploits: 10, References: 3