Improper Input Validation in git

Do your applications use this vulnerable package? Test your applications

Overview

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

References

Debian Security Tracker
Ubuntu CVE Tracker
http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2018-1000021
CWE: CWE-20
Snyk ID: SNYK-DEBIAN8-GIT-340852
Disclosed: 09 Feb, 2018
Published: 09 Feb, 2018

Improper Input Validation
Affecting git package, versions *

Overview

References

CVSS Score

Improper Input Validation Affecting git package, versions *

Overview

References

Improper Input Validation
Affecting git package, versions *