oss-sec mailing list archives
CVE-2018-17456 Git RCE via .gitmodules
From: joernchen <joernchen () phenoelit de>
Date: Sat, 6 Oct 2018 13:40:04 +0200
Hey,

just a short heads up to oss-sec:

Git has just [0] released versions 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1, and 2.19.1 which mitigate CVE-2018-17456, an RCE issue I found within the handling of Git submodules.

More specifically this issue allows execution of arbitrary commands via an argument injection to subsequent `git clone` operations using the `url` parameter in the `.gitmodules` file.

Cheers,

joernchen

[0] https://marc.info/?l=git&m=153875888916397&w=2

--
joernchen ~ Phenoelit
<joernchen () phenoelit de> ~ C776 3F67 7B95 03BF 5344
http://www.phenoelit.de ~ A46A 7199 8B7B 756A F5AC
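An added example, not part of joernchen's post or of Git's own code: a triage helper that checks a Git version against the fixed releases listed above and flags `.gitmodules` `url` values beginning with `-`, which a command line would read as an option instead of a URL. The function names, the leading-dash heuristic and the sample input are assumptions made for this illustration.

```python
import re

# Fixed releases listed in the post, keyed by (major, minor) series.
FIXED = {(2, 14): 5, (2, 15): 3, (2, 16): 5, (2, 17): 2, (2, 18): 1, (2, 19): 1}

SECTION = re.compile(r'^\s*\[submodule\s+"(.*)"\]\s*$')
KEYVAL = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*?)\s*$')

def is_patched(version):
    """True if `git --version` output (or a bare version) includes the fix."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    if (major, minor) in FIXED:
        return patch >= FIXED[(major, minor)]
    # Assumption: series after 2.19 carry the fix; series before 2.14 got no fixed release.
    return (major, minor) > (2, 19)

def audit_gitmodules(text):
    """Return (submodule, url) pairs whose url would parse as a command-line option."""
    findings, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue                       # blank line or comment
        if stripped.startswith("["):
            m = SECTION.match(line)
            current = m[1] if m else None  # ignore non-submodule sections
            continue
        m = KEYVAL.match(line)
        if m and current is not None and m[1].lower() == "url":
            value = m[2].strip('"')        # simplification: no escape handling
            if value.startswith("-"):
                findings.append((current, value))
    return findings

# Constructed sample input, not taken from any real repository.
SAMPLE = (
    '[submodule "vendor/lib"]\n'
    '\tpath = vendor/lib\n'
    '\turl = https://example.com/lib.git\n'
    '[submodule "docs"]\n'
    '\tpath = docs\n'
    '\turl = -constructed-option-like-value\n'
)

if __name__ == "__main__":
    print(is_patched("git version 2.17.1"), audit_gitmodules(SAMPLE))
```

Running the audit over a repository's `.gitmodules` before any recursive clone or submodule update is the point where a finding is still actionable.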