Description
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
| Release | Status | Note |
|---|---|---|
| devel | released | 1:2.14.1-1ubuntu2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1:1.9.1-1ubuntu0.6]] |
| esm-infra/xenial | released | 1:2.7.4-0ubuntu1.2 |
| precise/esm | DNE | |
| trusty | released | 1:1.9.1-1ubuntu0.6 |
| trusty/esm | DNE | trusty was released [1:1.9.1-1ubuntu0.6] |
| upstream | needs-triage | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 1:2.7.4-0ubuntu1.2 |
| zesty | released | 1:2.11.0-2ubuntu0.2 |

CVSS2: 6.8 Medium
CVSS3: 8.8 High