Main
Vulnerability Database
Exploits
ID:1291 - Exploit for OS command injection in Git - CVE-2017-1000117
ID:1291 - Exploit for OS command injection in Git - CVE-2017-1000117
Published: March 18, 2020
Vulnerability identifier: #VU7889
Vulnerability risk: High
CVE-ID: CVE-2017-1000117
CWE-ID: CWE-78
Exploitation vector: Remote access
Vulnerable software:
Git
Git
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The weakness exists due to command injection flaw. A remote attacker (e.g., repository) can return a specially crafted 'ssh://' URL during 'clone' commands to execute arbitrary shell commands with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to command injection flaw. A remote attacker (e.g., repository) can return a specially crafted 'ssh://' URL during 'clone' commands to execute arbitrary shell commands with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to version 2.14.1.