CVE-2018-17456
published 2018-10-06CVE-2018-17456: Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | git | < git 1:2.19.1-1 (bookworm) | git 1:2.19.1-1 (bookworm) |
| git-scm | git | >= 2.14.0 < 2.14.5 | 2.14.5 |
| git-scm | git | >= 2.15.0 < 2.15.3 | 2.15.3 |
| git-scm | git | >= 2.16.0 < 2.16.5 | 2.16.5 |
| git-scm | git | >= 2.17.0 < 2.17.2 | 2.17.2 |
| git-scm | git | >= 2.18.0 < 2.18.1 | 2.18.1 |
| git-scm | git | >= 2.19.0 < 2.19.1 | 2.19.1 |
| git | git | >= 0 < 1:2.19.1-1 | 1:2.19.1-1 |
| git | git | >= 0 < 1:2.19.1-1 | 1:2.19.1-1 |
| git | git | >= 0 < 1:2.19.1-1 | 1:2.19.1-1 |
| git | git | >= 0 < 1:2.19.1-1 | 1:2.19.1-1 |
| redhat | ansible_tower | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL