) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:git-scm:git:2.4.10
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2017-1000117 |
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability. Published: October 04, 2017; 9:29:04 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2017-14867 |
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. Published: September 28, 2017; 9:34:50 PM -0400 |
V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
| CVE-2016-2324 |
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Published: April 08, 2016; 10:59:02 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |