Description
Git-fastclone passes user modifiable strings directly to a shell command
git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to cd and git clone commands in the library.
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-8969
- https://github.com/square/git-fastclone/pull/5
- https://hackerone.com/reports/105190
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/git-fastclone/CVE-2015-8969.yml
- https://web.archive.org/web/20161108132238/http://www.securityfocus.com/bid/81433
Packages
- Name: git-fastclone (rubygems)
- Affected versions: < 1.0.5
- Fixed version: 1.0.5
Related vulnerabilities
- nvd (CVSS3: 9.8, more than 9 years ago): git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library.