Description
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit.
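The two paragraphs above describe the attack path but not what a defender can check for before running a recursive clone. The script below is an added illustration for this page, not code from the advisory or from the Git project: it parses a `.gitmodules` file and flags any submodule whose `ssh://` URL has a host or port beginning with `-`, which is the validation rule the upstream Git fix applied to ssh URLs (stated here as my understanding of the fix, not something the page itself spells out). The sample `.gitmodules` content and the host name `-bad-host` are constructed for the example.

```python
import re

# Constructed sample .gitmodules content (not from the original page).
# The second submodule carries an ssh:// URL whose "host" starts with a dash.
SAMPLE_GITMODULES = """\
[submodule "libfoo"]
\tpath = vendor/libfoo
\turl = ssh://git@example.org/libfoo.git
[submodule "evil"]
\tpath = vendor/evil
\turl = ssh://-bad-host/repo.git
[submodule "web"]
\tpath = vendor/web
\turl = https://example.org/web.git
"""

SSH_SCHEMES = {"ssh", "git+ssh", "ssh+git"}
SECTION_RE = re.compile(r'^\s*\[submodule\s+"([^"]+)"\]\s*$')
KEY_RE = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")


def parse_gitmodules(text):
    """Minimal parser for the INI-like .gitmodules format.

    Returns {submodule_name: {key: value}}; only 'url' is used here,
    but 'path' and other keys are kept for completeness.
    """
    submodules = {}
    current = None
    for line in text.splitlines():
        section = SECTION_RE.match(line)
        if section:
            current = section.group(1)
            submodules.setdefault(current, {})
            continue
        kv = KEY_RE.match(line)
        if kv and current is not None:
            submodules[current][kv.group(1).lower()] = kv.group(2)
    return submodules


def ssh_host_and_port(url):
    """Return (host, port) for an ssh-style URL, or None for other schemes.

    Parsed by hand rather than with urllib so that a port such as '-1'
    is returned as text instead of raising during parsing.
    """
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in SSH_SCHEMES:
        return None
    netloc = rest.split("/", 1)[0]
    netloc = netloc.rsplit("@", 1)[-1]  # drop user info
    if netloc.startswith("["):  # IPv6 literal, e.g. [::1]:22
        host, _, port = netloc[1:].partition("]")
        port = port.lstrip(":")
    else:
        host, _, port = netloc.partition(":")
    return host, port


def is_suspicious_ssh_url(url):
    """True when an ssh URL's host or port starts with '-' or the host is empty.

    A leading dash is what lets a "host" be read as an option by the ssh
    client, so this mirrors the reject-dashed-host rule of the upstream fix
    (assumption stated in the lead-in).
    """
    parsed = ssh_host_and_port(url)
    if parsed is None:
        return False
    host, port = parsed
    return host == "" or host.startswith("-") or port.startswith("-")


def audit_gitmodules(text):
    """Return [(submodule_name, url)] for every submodule with a suspicious ssh URL."""
    flagged = []
    for name, keys in parse_gitmodules(text).items():
        url = keys.get("url", "")
        if is_suspicious_ssh_url(url):
            flagged.append((name, url))
    return flagged


if __name__ == "__main__":
    for name, url in audit_gitmodules(SAMPLE_GITMODULES):
        print(f"refusing submodule {name!r}: suspicious ssh URL {url!r}")
```

Run this against the `.gitmodules` of an untrusted repository before `git clone --recurse-submodules` (or wire it into a CI pre-fetch step); the real mitigation remains upgrading to the fixed `git` packages listed below, since the same URL can also reach the client through a `git clone` of a malicious repository directly.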
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | jgit | Not affected | | |
| Red Hat JBoss A-MQ 6 | fabric8 | Not affected | | |
| Red Hat JBoss BRMS 6 | jgit | Not affected | | |
| Red Hat JBoss Data Virtualization 6 | jgit | Not affected | | |
| Red Hat JBoss Fuse 6 | camel | Not affected | | |
| Red Hat JBoss Fuse Service Works 6 | jgit | Not affected | | |
| Red Hat Enterprise Linux 6 | git | Fixed | RHSA-2017:2485 | 16.08.2017 |
| Red Hat Enterprise Linux 7 | git | Fixed | RHSA-2017:2484 | 16.08.2017 |
| Red Hat Mobile Application Platform 4.5 | fh-system-dump-tool | Fixed | RHSA-2017:2674 | 18.09.2017 |
| Red Hat Mobile Application Platform 4.5 | fping | Fixed | RHSA-2017:2674 | 18.09.2017 |
Additional information
Status:
CVSS3: 6.3 Medium