Description
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.
References
- Exploit, Third Party Advisory
- Third Party Advisory, VDB Entry
- https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html (Third Party Advisory)
- Patch, Third Party Advisory
- Release Notes, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 2.1.1 (excluding)
cpe:2.3:a:git_large_file_storage_project:git_large_file_storage:*:*:*:*:*:*:*:*
EPSS
0.00729 (percentile: 72%), Low
CVSS3: 8.8 High
CVSS2: 6.8 Medium
Weaknesses
CWE-20
Related vulnerabilities
CVSS3: 8.8
ubuntu
about 8 years ago
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.
CVSS3: 8.8
debian
about 8 years ago
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitra ...
CVSS3: 8.8
github
more than 3 years ago
GitHub Git LFS Arbitrary command execution vulnerability