CVEs with nessus.description==Resolve an arbitrary code execution vulnerability via crafted 'ssh://' URL (CVE-2017-1000117).

From the [release announcement](https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/):

A malicious third-party can give a crafted 'ssh://...' URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running 'git clone --recurse-submodules' to trigger the vulnerability.

Credits to find and fix the issue go to Brian Neel at GitLab, Joern Schneeweisz of Recurity Labs and Jeff King at GitHub.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues

Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |