Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-14867

Опубликовано: 29 сент. 2017
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 9
CVSS3: 8.8

Описание

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.

РелизСтатусПримечание
devel

released

1:2.14.1-1ubuntu4
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [1:1.9.1-1ubuntu0.7]]
esm-infra/xenial

released

1:2.7.4-0ubuntu1.3
precise/esm

DNE

trusty

released

1:1.9.1-1ubuntu0.7
trusty/esm

DNE

trusty was released [1:1.9.1-1ubuntu0.7]
upstream

released

1:2.14.2-1
vivid/ubuntu-core

DNE

xenial

released

1:2.7.4-0ubuntu1.3
zesty

released

1:2.11.0-2ubuntu0.3

Показывать по

Ссылки на источники

EPSS

Процентиль: 91%
0.06968
Низкий

9 Critical

CVSS2

8.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2017-14867

CVSS3: 7.8
redhat
больше 8 лет назад

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.

nvd логотип

CVE-2017-14867

CVSS3: 8.8
nvd
больше 8 лет назад

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.

msrc логотип

CVE-2017-14867

CVSS3: 8.8
msrc
5 месяцев назад

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.

debian логотип

CVE-2017-14867

CVSS3: 8.8
debian
больше 8 лет назад

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x ...

suse-cvrf логотип

openSUSE-SU-2017:2757-1

suse-cvrf
больше 8 лет назад

Security update for git

EPSS

Процентиль: 91%
0.06968
Низкий

9 Critical

CVSS2

8.8 High

CVSS3