Back to search
CVE-2017-1000117
Published: Oct 4, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-3934
vendor-advisory
x_refsource_DEBIAN
RHSA-2017:2674
vendor-advisory
x_refsource_REDHAT
1039131
vdb-entry
x_refsource_SECTRACK
42599
exploit
x_refsource_EXPLOIT-DB
RHSA-2017:2675
vendor-advisory
x_refsource_REDHAT
RHSA-2017:2484
vendor-advisory
x_refsource_REDHAT
RHSA-2017:2491
vendor-advisory
x_refsource_REDHAT
https://support.apple.com/HT208103
x_refsource_CONFIRM
100283
vdb-entry
x_refsource_BID
GLSA-201709-10
vendor-advisory
x_refsource_GENTOO
RHSA-2017:2485
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now