vulnerability

Oracle Linux: CVE-2017-1000117: ELSA-2017-2484: git security update (IMPORTANT) (Multiple Advisories)

Try Surface Command
Back to search
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Aug 10, 2017
Added
Dec 20, 2017
Modified
Dec 3, 2025

Description

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit.

Solutions

oracle-linux-upgrade-emacs-gitoracle-linux-upgrade-emacs-git-eloracle-linux-upgrade-gitoracle-linux-upgrade-git-alloracle-linux-upgrade-git-bzroracle-linux-upgrade-git-cvsoracle-linux-upgrade-git-daemonoracle-linux-upgrade-git-emailoracle-linux-upgrade-git-guioracle-linux-upgrade-git-hgoracle-linux-upgrade-gitkoracle-linux-upgrade-git-p4oracle-linux-upgrade-git-svnoracle-linux-upgrade-gitweboracle-linux-upgrade-perl-gitoracle-linux-upgrade-perl-git-svn

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today