Back to search
CVE-2018-17456
Published: Oct 6, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
45631
exploit
x_refsource_EXPLOIT-DB
105523
vdb-entry
x_refsource_BID
1041811
vdb-entry
x_refsource_SECTRACK
DSA-4311
vendor-advisory
x_refsource_DEBIAN
RHSA-2018:3505
vendor-advisory
x_refsource_REDHAT
45548
exploit
x_refsource_EXPLOIT-DB
RHSA-2018:3541
vendor-advisory
x_refsource_REDHAT
RHSA-2018:3408
vendor-advisory
x_refsource_REDHAT
https://marc.info/?l=git&m=153875888916397&w=2
x_refsource_MISC
https://www.openwall.com/lists/oss-security/2018/10/06/3
x_refsource_MISC
USN-3791-1
vendor-advisory
x_refsource_UBUNTU
20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities
mailing-list
x_refsource_BUGTRAQ
107511
vdb-entry
x_refsource_BID
RHSA-2020:0316
vendor-advisory
x_refsource_REDHAT
openSUSE-SU-2020:0598
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now