Количество 17
Количество 17
GHSA-v6w3-vcjx-mwhx
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
CVE-2018-11235
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
CVE-2018-11235
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
CVE-2018-11235
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
CVE-2018-11235
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16 ...
ELSA-2018-1957
ELSA-2018-1957: git security update (IMPORTANT)
BDU:2018-01486
Уязвимость распределенной системы управления версиями Git, связанная с ошибками в обработке специально сформированных имён подмодулей, позволяющая нарушителю выполнить произвольный код
openSUSE-SU-2018:1553-1
Security update for git
SUSE-SU-2018:1872-1
Security update for git
SUSE-SU-2018:1566-2
Security update for git
SUSE-SU-2018:1566-1
Security update for git
openSUSE-SU-2018:2502-1
Security update for libgit2
SUSE-SU-2018:2469-1
Security update for libgit2
openSUSE-SU-2018:3519-1
Security update for libgit2
SUSE-SU-2018:3440-1
Security update for libgit2
openSUSE-SU-2020:0598-1
Security update for git
SUSE-SU-2020:1121-1
Security update for git
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-v6w3-vcjx-mwhx In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. | CVSS3: 7.8 | 40% Средний | больше 3 лет назад |
 | CVE-2018-11235 In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. | CVSS3: 7.8 | 40% Средний | больше 7 лет назад |
 | CVE-2018-11235 In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. | CVSS3: 8.8 | 40% Средний | больше 7 лет назад |
 | CVE-2018-11235 In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. | CVSS3: 7.8 | 40% Средний | больше 7 лет назад |
| CVE-2018-11235 In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16 ... | CVSS3: 7.8 | 40% Средний | больше 7 лет назад |
| ELSA-2018-1957 ELSA-2018-1957: git security update (IMPORTANT) | больше 7 лет назад | ||
 | BDU:2018-01486 Уязвимость распределенной системы управления версиями Git, связанная с ошибками в обработке специально сформированных имён подмодулей, позволяющая нарушителю выполнить произвольный код | CVSS3: 7.8 | 40% Средний | больше 7 лет назад |
 | openSUSE-SU-2018:1553-1 Security update for git | больше 7 лет назад | ||
| SUSE-SU-2018:1872-1 Security update for git | больше 7 лет назад | ||
| SUSE-SU-2018:1566-2 Security update for git | около 7 лет назад | ||
| SUSE-SU-2018:1566-1 Security update for git | больше 7 лет назад | ||
| openSUSE-SU-2018:2502-1 Security update for libgit2 | около 7 лет назад | ||
| SUSE-SU-2018:2469-1 Security update for libgit2 | около 7 лет назад | ||
| openSUSE-SU-2018:3519-1 Security update for libgit2 | около 7 лет назад | ||
| SUSE-SU-2018:3440-1 Security update for libgit2 | около 7 лет назад | ||
| openSUSE-SU-2020:0598-1 Security update for git | больше 5 лет назад | ||
| SUSE-SU-2020:1121-1 Security update for git | больше 5 лет назад |
Уязвимостей на страницу