Search Results (Refine Search)
- CPE Product Version: cpe:/a:git-scm:git:2.11.0:rc2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-1000117 |
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability. Published: October 04, 2017; 9:29:04 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |