CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

DEBIAN-CVE-2017-1000117

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim...

ALPINE-CVE-2017-1000117

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim...

GLSA-201709-10 : Git: Command injection

The remote host is affected by the vulnerability described in GLSA-201709-10 Git: Command injection Specially crafted ssh://... URLs may allow the owner of the repository to execute arbitrary commands on clients machine if those commands are already installed on the clients system. This is...

Security update for git (important)

This update for git fixes the following security issues: - CVE-2017-1000117: A malicious third-party could have caused a git client to execute arbitrary commands via crafted "ssh://..." URLs, including submodules boo1052481...

Fedora 25 : git (2017-8ba7572cfd)

Resolve an arbitrary code execution vulnerability via crafted 'ssh://' URL CVE-2017-1000117. From the release announcement : A malicious third-party can give a crafted 'ssh://...' URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's...

Fedora 26 : git (2017-b1b3ae6666)

Resolve an arbitrary code execution vulnerability via crafted 'ssh://' URL CVE-2017-1000117. From the release announcement : A malicious third-party can give a crafted 'ssh://...' URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's...

Command injection

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

GLSA-201605-01 : Git: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201605-01 Git: Multiple vulnerabilities Git is vulnerable to the remote execution of arbitrary code by cloning repositories with large filenames or a large number of nested trees. Additionally, some protocols within Git, such as...

Git: Multiple vulnerabilities

Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Git is vulnerable to the remote execution of arbitrary code by cloning repositories with large filenames or a large...

Generic Android Deobfuscator: Simplify

Simplify uses a virtual machine to execute an app and understand what it does. Then, it applies optimizations to create code that behaves identically but is easier for a human to understand. It is a generic deobfuscator because it doesn’t need any special configuration or code for different types...

SUSE SLES12 Security Update : Recommended update for git (SUSE-SU-2015:2325-1)

The git package was updated to fix the following security issue : - CVE-2015-7545: Fix remote code execution with recursive fetch of submodules bsc948969. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempt...

SUSE-SU-2015:2025-1 Recommended update for git

The git package was updated to fix the following security issue: - CVE-2015-7545: Fix remote code execution with recursive fetch of submodules bsc948969...

SUSE-SU-2015:2325-1 Recommended update for git

The git package was updated to fix the following security issue: - CVE-2015-7545: Fix remote code execution with recursive fetch of submodules bsc948969...

git: arbitrary code execution via crafted URLs

A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system...

SUSE-SU-2015:2184-1 Recommended update for git

The git package was updated to fix the following security issue: - Fix remote code execution with recursive fetch of submodules bsc948969...

openSUSE Security Update : git (openSUSE-2015-737)

Git was updated to fix one security issue. The following vulnerability was fixed : - boo948969: remote code execution with recursive fetch of submodules %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Securit...