{"vulnerability": "CVE-2018-11235", "sightings": [{"uuid": "560bade7-090f-4081-9d61-19fb9fa165b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-11235", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6156", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aGit Submodule RCE\nURL\uff1ahttps://github.com/zerbaliy3v/CVE-2018-11235-Git-Submodule-RCE\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2023-12-12T19:52:49.000000Z"}, {"uuid": "f857b1fb-f758-4bb5-ad34-bc55eda929ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-11235", "type": "published-proof-of-concept", "source": "https://t.me/antichat/1557", "content": "#\u043f\u0440\u0438\u043a\u043b\u0430\u0434 #exploit #\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\n\n\u041f\u043e\u0447\u0435\u043c\u0443 \u043f\u043e\u0440\u0430 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c Git?\n\nRCE \u0432 Git. \u041d\u0435 \u0442\u043e, \u0447\u0442\u043e\u0431\u044b \u0449\u0430 \u043f\u0440\u044f\u043c \u0432\u0441\u0435\u0445 \u0437\u0430\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044f\u0442: \u0447\u0442\u043e\u0431\u044b \u0435\u0435 \u0442\u0440\u0438\u0433\u0433\u0435\u0440\u043d\u0443\u0442\u044c, \u043d\u0443\u0436\u043d\u043e \u043f\u043e\u0434\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u043f\u043e\u0434\u043c\u043e\u0434\u0443\u043b\u0438 (submodules) \u043f\u0440\u043e\u0435\u043a\u0442\u043e\u0432. \u041d\u0443 \u0430 \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0443\u0436\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043f\u0440\u043e\u0435\u043a\u0442 \u0441 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c\u0438 submodules. \u041d\u0435\u043c\u043d\u043e\u0433\u043e \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0438 \u043f\u0443\u0442\u0435\u0439, \u043f\u043e\u043b\u0435\u0437\u043d\u0430\u044f \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u043f\u043e\u0439\u0434\u0435\u0442 \u0432 \u0432\u0438\u0434\u0435 \u043f\u0440\u043e\u0441\u0442\u043e\u0433\u043e, \u0441\u043a\u0430\u0436\u0435\u043c Bash, \u0441\u043a\u0440\u0438\u043f\u0442\u0430. \u0412\u043e\u0442 \u0442\u0443\u0442 \u043e\u0447\u0435\u043d\u044c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u0431\u044a\u044f\u0441\u043d\u044f\u0435\u0442\u0441\u044f, \u043a\u0430\u043a \u044d\u0442\u043e \u0441\u0434\u0435\u043b\u0430\u0442\u044c: https://staaldraad.github.io/post/2018-06-03-cve-2018-11235-git-rce/.\n\n\u041f\u0430\u0442\u0447\u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 2.17.1, 2.16.4, 2.15.2, 2.14.4, 2.13.7. \u041a\u043b\u0438\u0435\u043d\u0442\u0441\u043a\u0443\u044e \u0441\u0442\u043e\u0440\u043e\u043d\u0443 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043f\u0440\u043e\u0441\u0442\u043e \u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0438\u0442\u044c. \u0410 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u043e\u0439 \u043f\u043e\u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043e\u043f\u0446\u0438\u044f transfer.fsckObjects, \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u044e\u0449\u0430\u044f \u0440\u0430\u0431\u043e\u0442\u0443 \u0441 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c\u0438 submodules. \u041f\u043e \u0434\u0435\u0444\u043e\u043b\u0442\u0443 \u043e\u043d\u0430 \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0430, \u0442\u0430\u043a \u0447\u0442\u043e \u043d\u0430\u0434\u043e \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c.\n\n\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u043e\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043c\u043e\u0436\u043d\u043e \u043e\u0447\u0435\u043d\u044c \u043f\u0440\u043e\u0441\u0442\u043e, \u0432\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c:\n\ngit init test && cd test && git update-index --add --cacheinfo 120000,e69de29bb2d1d6434b8b29ae775ad8c2e48c5391,.gitmodules\n\n\"\u0425\u043e\u0440\u043e\u0448\u0438\u0439\" \u043e\u0442\u0432\u0435\u0442 \u043e\u0442 \u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438:\n\nerror: Invalid path '.gitmodules'\nfatal: git update-index: --cacheinfo cannot add .gitmodules", "creation_timestamp": "2018-06-05T17:15:07.000000Z"}, {"uuid": "f7352df8-3509-49a7-8502-3010f3af00dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-11235", "type": "published-proof-of-concept", "source": "https://t.me/cKure/34", "content": "https://staaldraad.github.io/post/2018-06-03-cve-2018-11235-git-rce/", "creation_timestamp": "2018-06-04T03:59:31.000000Z"}, {"uuid": "ad49489d-77b7-4efc-a3f8-2e2adb4e02df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-11235", "type": "seen", "source": "https://t.me/arpsyndicate/1817", "content": "#ExploitObserverAlert\n\nCVE-2018-11235\n\nDESCRIPTION: Exploit Observer has 62 entries related to CVE-2018-11235. In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs \"git clone --recurse-submodules\" because submodule \"names\" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with \"../\" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.\n\nFIRST-EPSS: 0.004470000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-16T12:05:56.000000Z"}, {"uuid": "f190ec4a-90e0-4f7f-b4f0-2e182952b5ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-11235", "type": "published-proof-of-concept", "source": "https://t.me/HackerOne/1976", "content": "https://staaldraad.github.io/post/2018-06-03-cve-2018-11235-git-rce/", "creation_timestamp": "2018-06-04T20:08:49.000000Z"}, {"uuid": "c3cc51ba-064b-4e82-be11-1fc760fb7e1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-11235", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/3895", "content": "CVE-2018-11235 git RCE\nhttps://staaldraad.github.io/post/2018-06-03-cve-2018-11235-git-rce/", "creation_timestamp": "2018-06-03T21:49:14.000000Z"}, {"uuid": "72cf2801-a4be-48d5-8ac7-f9c51b0a1257", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-11235", "type": "seen", "source": "https://t.me/canyoupwnme/3871", "content": "CVE-2018-11235 : Security vulnerability in Git\nhttps://lkml.org/lkml/2018/5/29/889", "creation_timestamp": "2018-05-30T11:57:16.000000Z"}, {"uuid": "f32b6a4e-4dff-4457-a71f-05c805e878bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-11235", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/1578", "content": "CVE-2018-11235 git RCE https://staaldraad.github.io/post/2018-06-03-cve-2018-11235-git-rce/", "creation_timestamp": "2018-06-04T14:54:23.000000Z"}]}