A malicious third party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
| Vulnerable Product |
|---|
| git-scm git 2.8.0 |
| git-scm git 2.8.1 |
| git-scm git 2.8.2 |
| git-scm git 2.8.3 |
| git-scm git 2.8.4 |
| git-scm git 2.8.5 |
| git-scm git 2.9.0 |
| git-scm git 2.9.1 |
| git-scm git 2.9.2 |
| git-scm git 2.9.3 |
| git-scm git 2.9.4 |
| git-scm git 2.10.0 |
| git-scm git 2.10.1 |
| git-scm git 2.10.2 |
| git-scm git 2.10.3 |
| git-scm git 2.11.0 |
| git-scm git 2.11.1 |
| git-scm git 2.11.2 |
| git-scm git 2.12.0 |
| git-scm git 2.12.1 |
| git-scm git 2.12.2 |
| git-scm git 2.12.3 |
| git-scm git 2.13.0 |
| git-scm git 2.13.1 |
| git-scm git 2.13.2 |
| git-scm git 2.13.3 |
| git-scm git 2.13.4 |
| git-scm git 2.14.0 |
| git-scm git |
Git, Mercurial, SVN patched; CVS hasn't got around to it yet
Users of the world's most popular software version control systems can be attacked when cloning a repository over SSH. When first announced by Recurity Labs' Joern Schneeweisz, the vulnerability was attributed to Git, Mercurial and Subversion; and over the weekend, Hank Leininger of Korelogic told the OSS-Sec list the issue also affects the ancient CVS (Concurrent Versions System). Schneeweisz writes that he first spotted the issue in Git LFS (Large File Storage) in May, and worked out that an a...