Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2017-1000117 — Open Redirect in GIT
CWE-601 — Open RedirectCWE-20 — Improper Input ValidationCWE-77 — Command Injection22 documents13 sources
Severity
8.8HIGHNVD
GHSA9.8
EPSS
76.4%
top 1.06%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedOct 5
Latest updateMay 13
Description
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages3 packages
🔴Vulnerability Details
4💥Exploits & PoCs
2📋Vendor Advisories
11💬Community
4Bugzilla▶
CVE-2017-16228 python-dulwich: Setting SSH arguments from untrusted URLs allows code execution↗2017-11-03
Bugzilla
▶