GitHub Git LFS prior to 2.1.1 allows remote malicious users to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
git large file storage project git large file storage |