4 matches found
CVE-2017-1000117
CVE-2017-1000117 is a command-injection vulnerability in Git caused by insufficient validation of ssh:// URL handling, enabling arbitrary code execution when a malicious URL is processed (e.g., via git clone --recurse-submodules or a crafted .gitmodules). The connected advisories confirm the issu...
CVE-2017-14867
CVE-2017-14867 affects Git and is caused by unsafe Perl scripts used to support subcommands (notably cvsserver). Vulnerable builds include Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2. The flaw allows an attacker to execute arbitrar...
CVE-2017-15298
CVE-2017-15298 is linked to Git up to version 2.14.2, where a vulnerability in how layers of tree objects are handled can allow a remote attacker to cause a denial of service via a crafted repository, with potential disk impact. The issue arises from memory data structure construction that may ex...
CVE-2014-9938
CVE-2014-9938 is disclosed in multiple feeds as a vulnerability in Git where the git-prompt.sh script failed to sanitize branch names, enabling potential code execution via PS1 in affected Git versions. Connected documents corroborate this vulnerability as part of EulerOS advisories and Nessus/NV...