CVE-2018-17456

CVE Database · CVE-2018-17456

CVE-2018-17456

· N/AModified

CVSS v3.1

N/A

EPSS

97.36%

Published

Oct 6, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (3)

All weaponized →

Exploit-DBGit Submodule - Arbitrary Code Execution Exploit-DBGit Submodule - Arbitrary Code Execution (PoC)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

Weaknesses (CWE)

CWE-88

Affected Products (24)

git-scm · git (up to 2.14.5)vulnerable

git-scm · git (up to 2.15.3)vulnerable

git-scm · git (up to 2.16.5)vulnerable

git-scm · git (up to 2.17.2)vulnerable

git-scm · git (up to 2.18.1)vulnerable

git-scm · git (up to 2.19.1)vulnerable

redhat · ansible_towervulnerable

redhat · enterprise_linuxvulnerable