Описание
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1:2.6.2-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1:1.9.1-1ubuntu0.2]] |
| precise | released | 1:1.7.9.5-1ubuntu0.2 |
| trusty | released | 1:1.9.1-1ubuntu0.2 |
| trusty/esm | DNE | trusty was released [1:1.9.1-1ubuntu0.2] |
| upstream | released | 1:2.6.1-1 |
| vivid | released | 1:2.1.4-2.1ubuntu0.1 |
| wily | released | 1:2.5.0-1ubuntu0.1 |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
The (1) git-remote-ext and (2) unspecified other remote helper program ...
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3