5 matches found
CVE-2018-17456
CVE-2018-17456 is a remote code execution in Git triggered when processing a recursive clone of a superproject if a .gitmodules URL starts with a dash. Affected Git versions include 2.14.5 and later 2.15.x/2.16.x/2.17.x/2.18.x/2.19.x before the fixed releases listed (e.g., 2.14.5 and subsequent u...
CVE-2018-11235
CVE-2018-11235 affects Git prior to 2.17.1 (and also 2.13.7, 2.14.4, 2.15.2, 2.16.4, 2.17.1 as listed in advisories). A crafted .gitmodules file can cause directory traversal in submodule names, leading to a malicious project triggering a chain where submodule names are appended to $GIT_DIR/modul...
CVE-2018-11233
CVE-2018-11233 affects Git on NTFS pathname sanity checking, causing potential out-of-bounds reads. Affected: Git versions before 2.13.7, and 2.14.x/2.15.x/2.16.x/2.17.x before the listed patch levels. Impact: potential information disclosure and/or memory access concerns; no explicit exploitatio...
CVE-2018-19486
CVE-2018-19486 : Git before 2.19.2 on Linux/UNIX executes commands from the current working directory in certain cases involving the run_command() API and run-command.c, caused by a change from execvp to execv in 2017. The vulnerability can allow commands to be executed from the current directory...
CVE-2018-1000021
Technical details on CVE-2018-1000021 are not publicly provided in the connected documents. Please monitor for updates from the vendor/CNA and the CVE entry for any affected products, impact and remediation information.