CVE-2017-1000117: A malicious third-party could have caused a git client
to execute arbitrary commands via crafted "ssh://…" URLs, including
submodules (boo#1052481)

OSVersionArchitecturePackageVersionFilename
openSUSE Leap42.3i586git-credential-gnome-keyring< 2.13.5-3.1git-credential-gnome-keyring-2.13.5-3.1.i586.rpm
openSUSE Leap42.3x86_64git< 2.13.5-3.1git-2.13.5-3.1.x86_64.rpm
openSUSE Leap42.3x86_64git-svn< 2.13.5-3.1git-svn-2.13.5-3.1.x86_64.rpm
openSUSE Leap42.3x86_64git-debugsource< 2.13.5-3.1git-debugsource-2.13.5-3.1.x86_64.rpm
openSUSE Leap42.3i586git-cvs< 2.13.5-3.1git-cvs-2.13.5-3.1.i586.rpm
openSUSE Leap42.3x86_64git-arch< 2.13.5-3.1git-arch-2.13.5-3.1.x86_64.rpm
openSUSE Leap42.3x86_64git-core< 2.13.5-3.1git-core-2.13.5-3.1.x86_64.rpm
openSUSE Leap42.3i586git-daemon< 2.13.5-3.1git-daemon-2.13.5-3.1.i586.rpm
openSUSE Leap42.3i586git-daemon-debuginfo< 2.13.5-3.1git-daemon-debuginfo-2.13.5-3.1.i586.rpm
openSUSE Leap42.3x86_64git-cvs< 2.13.5-3.1git-cvs-2.13.5-3.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE Leap	42.3	i586	git-credential-gnome-keyring	< 2.13.5-3.1	git-credential-gnome-keyring-2.13.5-3.1.i586.rpm
openSUSE Leap	42.3	x86_64	git	< 2.13.5-3.1	git-2.13.5-3.1.x86_64.rpm
openSUSE Leap	42.3	x86_64	git-svn	< 2.13.5-3.1	git-svn-2.13.5-3.1.x86_64.rpm
openSUSE Leap	42.3	x86_64	git-debugsource	< 2.13.5-3.1	git-debugsource-2.13.5-3.1.x86_64.rpm
openSUSE Leap	42.3	i586	git-cvs	< 2.13.5-3.1	git-cvs-2.13.5-3.1.i586.rpm
openSUSE Leap	42.3	x86_64	git-arch	< 2.13.5-3.1	git-arch-2.13.5-3.1.x86_64.rpm
openSUSE Leap	42.3	x86_64	git-core	< 2.13.5-3.1	git-core-2.13.5-3.1.x86_64.rpm
openSUSE Leap	42.3	i586	git-daemon	< 2.13.5-3.1	git-daemon-2.13.5-3.1.i586.rpm
openSUSE Leap	42.3	i586	git-daemon-debuginfo	< 2.13.5-3.1	git-daemon-debuginfo-2.13.5-3.1.i586.rpm
openSUSE Leap	42.3	x86_64	git-cvs	< 2.13.5-3.1	git-cvs-2.13.5-3.1.x86_64.rpm

Rows per page:

1-10 of 331

References

bugzilla.suse.com/1052481

fedora 2

osv 7

nessus 36

suse 3

redhat 5

ubuntu 1

openvas 26

centos 2

alpinelinux 1

prion 6

oraclelinux 2

packetstorm 1

ubuntucve 5

amazon 1

archlinux 2

checkpoint_advisories 1

debian 6

veracode 2

slackware 1

cloudfoundry 1

mageia 1

redhatcve 3

gentoo 1

debiancve 5

cve 6

metasploit 1

exploitdb 1

atlassian 2

ibm 2

hackerone 1

myhack58 1

freebsd 1

github 1

apple 2

fedora

[SECURITY] Fedora 25 Update: git-2.9.5-1.fc25

2017-08-14 00:56:27

[SECURITY] Fedora 26 Update: git-2.13.5-1.fc26

2017-08-13 20:56:31

osv

CVE-2017-1000117

2017-10-05 01:29:04

git - security update

2017-08-27 00:00:00

git - security update

2017-08-10 00:00:00

nessus

Scientific Linux Security Update : git on SL7.x x86_64 (20170817)

2017-08-22 00:00:00

NewStart CGSL MAIN 4.05 : git Vulnerability (NS-SA-2019-0120)

2019-08-12 00:00:00

Scientific Linux Security Update : git on SL6.x i386/x86_64 (20170817)

2017-08-18 00:00:00

suse

Security update for git (important)

2017-08-21 18:07:57

Security update for git (important)

2017-09-01 03:10:54

Security update for git (important)

2017-09-02 18:07:39

redhat

(RHSA-2017:2485) Important: git security update

2017-08-16 21:46:48

(RHSA-2017:2484) Important: git security update

2017-08-16 21:46:19

(RHSA-2017:2491) Important: rh-git29-git security update

2017-08-17 21:33:27

ubuntu

Git vulnerability

2017-08-11 00:00:00

openvas

Ubuntu: Security Advisory (USN-3387-1)

2017-08-11 00:00:00

RedHat Update for git RHSA-2017:2484-01

2017-08-17 00:00:00

RedHat Update for git RHSA-2017:2485-01

2017-08-17 00:00:00

centos

emacs, git, gitk, gitweb, perl security update

2017-08-17 10:26:34

emacs, git, gitk, gitweb, perl security update

2017-08-24 09:43:50

alpinelinux

CVE-2017-1000117

2017-10-05 01:29:00

prion

Security feature bypass

2017-10-05 01:29:00

Code injection

2018-02-15 13:29:00

Sql injection

2017-08-20 20:29:00

oraclelinux

git security update

2017-08-17 00:00:00

git security update

2017-08-16 00:00:00

packetstorm

Malicious GIT HTTP Server

2017-08-30 00:00:00

ubuntucve

CVE-2017-1000117

2017-08-10 00:00:00

CVE-2017-12976

2017-08-20 00:00:00

CVE-2017-16228

2017-10-29 00:00:00

amazon

Important: git

2017-08-31 16:00:00

archlinux

[ASA-201708-6] git: arbitrary command execution

2017-08-12 00:00:00

[ASA-201708-7] mercurial: multiple issues

2017-08-12 00:00:00

checkpoint_advisories

Git ssh URL Processing Command Execution (CVE-2017-1000117)

2018-05-02 00:00:00

debian

[SECURITY] [DSA 3934-1] git security update

2017-08-10 19:05:06

[SECURITY] [DLA 1068-1] git security update

2017-08-27 18:18:39

[SECURITY] [DSA 3934-1] git security update

2017-08-10 19:05:06

veracode

Remote Code Execution (RCE)

2019-01-15 09:18:24

Arbitrary Command Execution

2017-10-30 00:47:04

slackware

[slackware-security] git

2017-08-11 23:10:53

cloudfoundry

USN-3387-1: Git vulnerability | Cloud Foundry

2017-08-17 00:00:00

mageia

Updated git packages fix security vulnerability

2017-08-14 01:19:29

redhatcve

CVE-2017-1000117

2021-03-20 20:53:20

CVE-2017-16228

2017-11-03 14:19:26

CVE-2017-14176

2017-09-12 07:48:25

gentoo

Git: Command injection

2017-09-17 00:00:00

debiancve

CVE-2017-1000117

2017-10-05 01:29:00

CVE-2017-12976

2017-08-20 20:29:00

CVE-2017-16228

2017-10-29 20:29:00

cve

CVE-2017-1000117

2017-10-05 01:29:00

CVE-2017-18087

2018-02-15 13:29:00

CVE-2017-12976

2017-08-20 20:29:00

metasploit

Malicious Git HTTP Server For CVE-2017-1000117

2017-08-13 03:47:44

exploitdb

Git < 2.7.5 - Command Injection (Metasploit)

2017-08-31 00:00:00

atlassian

Argument injection in the download commit resource through the at parameter - CVE-2017-18087

2018-02-02 00:11:43

Argument injection in the download commit resource through the at parameter - CVE-2017-18087

2018-02-02 00:11:43

ibm

Security Bulletin: Vulnerabilities in git affect PowerKVM

2018-06-18 01:38:04

Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private

2018-07-20 18:56:04

hackerone

Internet Bug Bounty: RCE via ssh:// URIs in multiple VCS

2017-08-14 20:53:18

myhack58

More mainstream version control system was traced to the presence of the client arbitrary code execution vulnerability-vulnerability warning-the black bar safety net

2017-08-11 00:00:00

freebsd

Mercurial -- multiple vulnerabilities

2017-08-10 00:00:00

github

Dulwich RCE Vulnerability

2022-05-13 01:44:04

apple

About the security content of Xcode 9

2017-09-19 00:00:00

About the security content of Xcode 9 - Apple Support

2017-11-02 11:30:54

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.599 Medium

EPSS

Percentile

97.5%

JSON

Related for OPENSUSE-SU-2017:2182-1