Arbitrary Argument Injection
Affecting git package, versions <1:2.11.0-3+deb9u4
Overview
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
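An added example, not part of the original advisory and not Git's own code: a check that scans a superproject's .gitmodules for submodule URL values beginning with '-', the condition described above, so a repository can be audited after a non-recursive clone and before submodules are initialised. The parser is a simplified reading of the Git config format (it assumes no inline comments or escape sequences), the function names are hypothetical, and the sample file content is constructed.

```python
import re
import sys

# [submodule "name"] section header (section names are case-insensitive)
SECTION = re.compile(r'^\s*\[\s*submodule\s+"((?:[^"\\]|\\.)*)"\s*\]\s*$', re.I)
# key = value line
KEYVAL = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*?)\s*$')

def submodule_urls(text):
    """Yield (submodule_name, url) pairs from .gitmodules content."""
    name = None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue                      # blank line or comment
        m = SECTION.match(line)
        if m:
            name = m.group(1)
            continue
        if stripped.startswith("["):
            name = None                   # some other section; ignore its keys
            continue
        m = KEYVAL.match(line)
        if m and name is not None and m.group(1).lower() == "url":
            value = m.group(2)
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]       # drop surrounding double quotes
            yield name, value

def option_like_urls(text):
    """Return the submodules whose URL would be read as a command-line option."""
    return [(n, u) for n, u in submodule_urls(text) if u.startswith("-")]

# Constructed sample: one ordinary submodule, one with an option-like URL.
SAMPLE = (
    '[submodule "lib/ok"]\n'
    '\tpath = lib/ok\n'
    '\turl = https://example.com/ok.git\n'
    '[submodule "lib/suspicious"]\n'
    '\tpath = lib/suspicious\n'
    '\turl = --constructed-option=value\n'
)

if __name__ == "__main__":
    # Usage: python check_gitmodules.py path/to/.gitmodules
    content = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    findings = option_like_urls(content)
    for sub, url in findings:
        print(f"submodule {sub!r}: url begins with '-': {url!r}")
    sys.exit(1 if findings else 0)
```

A non-zero exit status means at least one submodule URL begins with '-' and the repository should not be cloned recursively with an affected Git version.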
CVSS Score
9.8
high severity
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
- CVE: CVE-2018-17456
- CWE: CWE-88
- Snyk ID: SNYK-DEBIAN9-GIT-340821
- Disclosed: 06 Oct, 2018
- Published: 06 Oct, 2018