CVE-2015-7545 — Improper Input Validation in Project GIT
Severity
9.8 CRITICAL (NVD)
EPSS
34.7%
top 2.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 13
Latest update: May 14
Description
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 4 packages
Also affects: Ubuntu Linux 12.04, 14.04, 15.04, 15.10
Patches
Vulnerability Details (3)
GHSA
GHSA-3rvg-chjx-7h2j: The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2 (2022-05-14)
OSV
CVE-2015-7545: The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2 (2016-04-13)
CVEList
CVE-2015-7545: The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2 (2016-04-13)
Vendor Advisories (3)
Community (7)
HackerOne
git-fastclone allows arbitrary command execution through usage of ext remote URLs in submodules (2016-01-25)