Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-1387

Опубликовано: 18 дек. 2019
Источник: nvd
CVSS3: 8.8
CVSS2: 6.8
EPSS Низкий

Описание

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
Версия от 2.14.0 (включая) до 2.14.6 (исключая)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
Версия от 2.15.0 (включая) до 2.15.4 (исключая)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
Версия от 2.16.0 (включая) до 2.16.6 (исключая)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
Версия от 2.17.0 (включая) до 2.17.3 (исключая)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
Версия от 2.18.0 (включая) до 2.18.2 (исключая)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
Версия от 2.19.0 (включая) до 2.19.3 (исключая)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
Версия от 2.20.0 (включая) до 2.20.2 (исключая)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
Версия от 2.22.0 (включая) до 2.22.2 (исключая)
cpe:2.3:a:git-scm:git:2.21.0:*:*:*:*:*:*:*
cpe:2.3:a:git-scm:git:2.23.0:*:*:*:*:*:*:*
cpe:2.3:a:git-scm:git:2.24.0:*:*:*:*:*:*:*

EPSS

Процентиль: 86%
0.0317
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2019-1387

CVSS3: 8.8
ubuntu
больше 5 лет назад

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.

redhat логотип

CVE-2019-1387

CVSS3: 7.5
redhat
почти 6 лет назад

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.

msrc логотип

CVE-2019-1387

msrc
почти 6 лет назад

Git for Visual Studio Remote Code Execution Vulnerability

debian логотип

CVE-2019-1387

CVSS3: 8.8
debian
больше 5 лет назад

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v ...

github логотип

GHSA-9mhc-h3vf-83fw

CVSS3: 8.8
github
больше 3 лет назад

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.

EPSS

Процентиль: 86%
0.0317
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo