CVE-2018-19486: Untrusted Search Path in Ubuntu Linux

Severity
9.8 CRITICAL (NVD)
OSV: 5.5
EPSS: 0.7% (top 28.74%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Nov 23
Latest update: May 14

Description

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

NVD: git-scm/git < 2.19.2
Debian: git/git < 1:2.19.2-1 (+3)
Ubuntu: git/git < 1:1.9.1-1ubuntu0.10 (+2)

Also affects: Ubuntu Linux 18.04, 18.10

Vulnerability Details (4)

[GHSA] GHSA-4rxq-j825-6wv8: Git before 2 (2022-05-14)
[OSV] git vulnerabilities (2018-11-27)
[CVEList] CVE-2018-19486: Git before 2 (2018-11-23)
[OSV] CVE-2018-19486: Git before 2 (2018-11-23)

Vendor Advisories (3)

[Ubuntu] Git vulnerabilities (2018-11-27)
[Red Hat] git: Improper handling of PATH allows for commands to be executed from the current directory (2018-10-24)
[Debian] CVE-2018-19486: git - Git before 2.19.2 on Linux and UNIX executes commands from the current working d... (2018)

Community (3)

[Bugzilla] CVE-2018-19486 git: Improper handling of PATH allows for commands to be executed from the current directory [fedora-all] (2018-11-26)
[Bugzilla] CVE-2018-19486 git: Improper handling of PATH allows for commands to be executed from the current directory (2018-11-26)
[Bugzilla] CVE-2018-19486 git: Improper handling of PATH allows for commands to be executed from the current directory [epel-all] (2018-11-26)