CVE-2014-9938

Опубликовано: 20 мар. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.

Ссылки

https://access.redhat.com/errata/RHSA-2017:2004
Third Party Advisory
https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f
Patch
Third Party Advisory
https://github.com/njhartwell/pw3nage
Exploit
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2004
Third Party Advisory
https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f
Patch
Third Party Advisory
https://github.com/njhartwell/pw3nage
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*

Версия до 1.9.3 (исключая)

EPSS

Процентиль: 73%

0.0075

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-116

Связанные уязвимости

CVE-2014-9938

CVSS3: 8.8

ubuntu

почти 9 лет назад

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.

CVE-2014-9938

CVSS3: 7.8

redhat

почти 12 лет назад

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.

CVE-2014-9938

CVSS3: 8.8

debian

почти 9 лет назад

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize ...

GHSA-6vhm-rfmv-gf4j

CVSS3: 8.8

github

больше 3 лет назад

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.

ELSA-2017-2004

oracle-oval

больше 8 лет назад

ELSA-2017-2004: git security and bug fix update (MODERATE)

EPSS

Процентиль: 73%

0.0075

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-116