CVE-2015-8969

Опубликовано: 03 нояб. 2016

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library.

Ссылки

http://www.securityfocus.com/bid/81433
Third Party Advisory
VDB Entry
https://github.com/square/git-fastclone/pull/5
Vendor Advisory
https://hackerone.com/reports/105190
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/81433
Third Party Advisory
VDB Entry
https://github.com/square/git-fastclone/pull/5
Vendor Advisory
https://hackerone.com/reports/105190
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:squareup:git-fastclone:*:*:*:*:*:*:*:*

Версия до 1.0.5 (исключая)

EPSS

Процентиль: 86%

0.02758

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-mf6w-45cf-qhmp