CVE-2018-19486
published 2018-11-23CVE-2018-19486: Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the…
PriorityP349critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
4.12%
89.5th percentile
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | git | < git 1:2.19.2-1 (bookworm) | git 1:2.19.2-1 (bookworm) |
| git-scm | git | < 2.19.2 | 2.19.2 |
| git | git | >= 0 < 1:2.19.2-1 | 1:2.19.2-1 |
| git | git | >= 0 < 1:2.19.2-1 | 1:2.19.2-1 |
| git | git | >= 0 < 1:2.19.2-1 | 1:2.19.2-1 |
| git | git | >= 0 < 1:2.19.2-1 | 1:2.19.2-1 |
| git | git | >= 0 < 1:1.9.1-1ubuntu0.10 | 1:1.9.1-1ubuntu0.10 |
| git | git | >= 0 < 1:2.7.4-0ubuntu1.6 | 1:2.7.4-0ubuntu1.6 |
| git | git | >= 0 < 1:2.17.1-1ubuntu0.4 | 1:2.17.1-1ubuntu0.4 |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8CRITICAL
vendor_redhat9.8CRITICAL
vendor_ubuntu5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4rxq-j825-6wv8: Git before 2
ghsa_unreviewed·2022-05-14
CVE-2018-19486 [CRITICAL] CWE-426 GHSA-4rxq-j825-6wv8: Git before 2
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
OSV
git vulnerabilities
osv·2018-11-27·CVSS 5.5
CVE-2017-15298 [MEDIUM] git vulnerabilities
git vulnerabilities
It was discovered that Git incorrectly handled layers of tree objects.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2017-15298)
It was discovered that Git incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10.
(CVE-2018-19486)
OSV
CVE-2018-19486: Git before 2
osv·2018-11-23·CVSS 9.8
CVE-2018-19486 [CRITICAL] CVE-2018-19486: Git before 2
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
Ubuntu
Git vulnerabilities
vendor_ubuntu·2018-11-27·CVSS 5.5
CVE-2017-15298 [MEDIUM] Git vulnerabilities
Title: Git vulnerabilities
Summary: Several security issues were fixed in Git.
It was discovered that Git incorrectly handled layers of tree objects.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2017-15298)
It was discovered that Git incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10.
(CVE-2018-19486)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
git: Improper handling of PATH allows for commands to be executed from the current directory
vendor_redhat·2018-10-24·CVSS 9.8
CVE-2018-19486 [CRITICAL] CWE-426 git: Improper handling of PATH allows for commands to be executed from the current directory
git: Improper handling of PATH allows for commands to be executed from the current directory
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
Package: git (Red Hat Enterprise Linux 6) - Not affected
Package: git (Red Hat Enterprise Linux 7) - Not affected
Package: git (Red Hat Enterprise Linux 8) - Not affected
Package: rh-git29-git (Red Hat Software Collections) - Not affected
Debian
CVE-2018-19486: git - Git before 2.19.2 on Linux and UNIX executes commands from the current working d...
vendor_debian·2018·CVSS 9.8
CVE-2018-19486 [CRITICAL] CVE-2018-19486: git - Git before 2.19.2 on Linux and UNIX executes commands from the current working d...
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
Scope: local
bookworm: resolved (fixed in 1:2.19.2-1)
bullseye: resolved (fixed in 1:2.19.2-1)
forky: resolved (fixed in 1:2.19.2-1)
sid: resolved (fixed in 1:2.19.2-1)
trixie: resolved (fixed in 1:2.19.2-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-19486 git: Improper handling of PATH allows for commands to be executed from the current directory [fedora-all]
bugzilla·2018-11-26·CVSS 9.8
CVE-2018-19486 [CRITICAL] CVE-2018-19486 git: Improper handling of PATH allows for commands to be executed from the current directory [fedora-all]
CVE-2018-19486 git: Improper handling of PATH allows for commands to be executed from the current directory [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: thi
Bugzilla
CVE-2018-19486 git: Improper handling of PATH allows for commands to be executed from the current directory
bugzilla·2018-11-26·CVSS 9.8
CVE-2018-19486 [CRITICAL] CVE-2018-19486 git: Improper handling of PATH allows for commands to be executed from the current directory
CVE-2018-19486 git: Improper handling of PATH allows for commands to be executed from the current directory
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
Upstream Patch:
https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd823
Reference:
https://git.kernel.org/pub/scm/git/git.git/tree/Documentation/RelNotes/2.19.2.txt
Discussion:
Created git tracking bugs for this issue:
Affects: epel-all [bug 1653145]
Affects: fedora-all [bug 1653144]
---
The change in question (e3a434468f) appeared first in 2.13.2 and 2.14.
---
This issue has been addressed in the follo
Bugzilla
CVE-2018-19486 git: Improper handling of PATH allows for commands to be executed from the current directory [epel-all]
bugzilla·2018-11-26·CVSS 9.8
CVE-2018-19486 [CRITICAL] CVE-2018-19486 git: Improper handling of PATH allows for commands to be executed from the current directory [epel-all]
CVE-2018-19486 git: Improper handling of PATH allows for commands to be executed from the current directory [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this is
http://www.securityfocus.com/bid/106020http://www.securitytracker.com/id/1042166https://access.redhat.com/errata/RHSA-2018:3800https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60https://git.kernel.org/pub/scm/git/git.git/tree/Documentation/RelNotes/2.19.2.txthttps://security.gentoo.org/glsa/201904-13https://usn.ubuntu.com/3829-1/http://www.securityfocus.com/bid/106020http://www.securitytracker.com/id/1042166https://access.redhat.com/errata/RHSA-2018:3800https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60https://git.kernel.org/pub/scm/git/git.git/tree/Documentation/RelNotes/2.19.2.txthttps://security.gentoo.org/glsa/201904-13https://usn.ubuntu.com/3829-1/
2018-11-23
Published