Описание
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 2.17.1-1ubuntu0.4 |
| devel | released | 1:2.25.0-1ubuntu1 |
| disco | released | 1:2.20.1-2ubuntu1.19.04.1 |
| eoan | released | 1:2.20.1-2ubuntu1.19.10.1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 2.17.1-1ubuntu0.4 |
| esm-infra/xenial | not-affected | 2.7.4-0ubuntu1.6 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE |
Показывать по
EPSS
9.3 Critical
CVSS2
7.8 High
CVSS3
Связанные уязвимости
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x b ...
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
Уязвимость системы управления версиями GIT, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS
9.3 Critical
CVSS2
7.8 High
CVSS3