Do your applications use this vulnerable package?
Test your applications
Overview
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
References
CVSS Score
9.8
high severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityHigh
-
IntegrityHigh
-
AvailabilityHigh
- CVE
- CVE-2018-19486
- CWE
- CWE-426
- Snyk ID
- SNYK-ALPINE38-GIT-339341
- Disclosed
- 23 Nov, 2018
- Published
- 02 Dec, 2018