A malicious third party can give a crafted ssh://… URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running git clone --recurse-submodules to trigger the vulnerability.

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Git | Git-scm | * | 2.7.5 (including) |
Git | Git-scm | 2.8.0 (including) | 2.8.0 (including) |
Git | Git-scm | 2.8.0-rc0 (including) | 2.8.0-rc0 (including) |
Git | Git-scm | 2.8.0-rc1 (including) | 2.8.0-rc1 (including) |
Git | Git-scm | 2.8.0-rc2 (including) | 2.8.0-rc2 (including) |
Git | Git-scm | 2.8.0-rc3 (including) | 2.8.0-rc3 (including) |
Git | Git-scm | 2.8.1 (including) | 2.8.1 (including) |
Git | Git-scm | 2.8.2 (including) | 2.8.2 (including) |
Git | Git-scm | 2.8.3 (including) | 2.8.3 (including) |
Git | Git-scm | 2.8.4 (including) | 2.8.4 (including) |
Git | Git-scm | 2.8.5 (including) | 2.8.5 (including) |
Git | Git-scm | 2.9.0 (including) | 2.9.0 (including) |
Git | Git-scm | 2.9.0-rc0 (including) | 2.9.0-rc0 (including) |
Git | Git-scm | 2.9.0-rc1 (including) | 2.9.0-rc1 (including) |
Git | Git-scm | 2.9.0-rc2 (including) | 2.9.0-rc2 (including) |
Git | Git-scm | 2.9.1 (including) | 2.9.1 (including) |
Git | Git-scm | 2.9.2 (including) | 2.9.2 (including) |
Git | Git-scm | 2.9.3 (including) | 2.9.3 (including) |
Git | Git-scm | 2.9.4 (including) | 2.9.4 (including) |
Git | Git-scm | 2.10.0 (including) | 2.10.0 (including) |
Git | Git-scm | 2.10.0-rc0 (including) | 2.10.0-rc0 (including) |
Git | Git-scm | 2.10.0-rc1 (including) | 2.10.0-rc1 (including) |
Git | Git-scm | 2.10.0-rc2 (including) | 2.10.0-rc2 (including) |
Git | Git-scm | 2.10.1 (including) | 2.10.1 (including) |
Git | Git-scm | 2.10.2 (including) | 2.10.2 (including) |
Git | Git-scm | 2.10.3 (including) | 2.10.3 (including) |
Git | Git-scm | 2.11.0 (including) | 2.11.0 (including) |
Git | Git-scm | 2.11.0-rc0 (including) | 2.11.0-rc0 (including) |
Git | Git-scm | 2.11.0-rc1 (including) | 2.11.0-rc1 (including) |
Git | Git-scm | 2.11.0-rc2 (including) | 2.11.0-rc2 (including) |
Git | Git-scm | 2.11.0-rc3 (including) | 2.11.0-rc3 (including) |
Git | Git-scm | 2.11.1 (including) | 2.11.1 (including) |
Git | Git-scm | 2.11.2 (including) | 2.11.2 (including) |
Git | Git-scm | 2.12.0 (including) | 2.12.0 (including) |
Git | Git-scm | 2.12.0-rc0 (including) | 2.12.0-rc0 (including) |
Git | Git-scm | 2.12.0-rc1 (including) | 2.12.0-rc1 (including) |
Git | Git-scm | 2.12.0-rc2 (including) | 2.12.0-rc2 (including) |
Git | Git-scm | 2.12.1 (including) | 2.12.1 (including) |
Git | Git-scm | 2.12.2 (including) | 2.12.2 (including) |
Git | Git-scm | 2.12.3 (including) | 2.12.3 (including) |
Git | Git-scm | 2.13.0 (including) | 2.13.0 (including) |
Git | Git-scm | 2.13.0-rc0 (including) | 2.13.0-rc0 (including) |
Git | Git-scm | 2.13.0-rc1 (including) | 2.13.0-rc1 (including) |
Git | Git-scm | 2.13.0-rc2 (including) | 2.13.0-rc2 (including) |
Git | Git-scm | 2.13.1 (including) | 2.13.1 (including) |
Git | Git-scm | 2.13.2 (including) | 2.13.2 (including) |
Git | Git-scm | 2.13.3 (including) | 2.13.3 (including) |
Git | Git-scm | 2.13.4 (including) | 2.13.4 (including) |
Git | Git-scm | 2.14.0 (including) | 2.14.0 (including) |
Git | Git-scm | 2.14.0-rc0 (including) | 2.14.0-rc0 (including) |
Git | Git-scm | 2.14.0-rc1 (including) | 2.14.0-rc1 (including) |
Red Hat Enterprise Linux 6 | RedHat | git-0:1.7.1-9.el6_9 | * |
Red Hat Enterprise Linux 7 | RedHat | git-0:1.8.3.1-12.el7_4 | * |
Red Hat Mobile Application Platform 4.5 | RedHat | fh-system-dump-tool-0:1.0.0-5.el7 | * |
Red Hat Mobile Application Platform 4.5 | RedHat | fping-0:3.10-4.el7map | * |
Red Hat Mobile Application Platform 4.5 | RedHat | nagios-0:4.0.8-8.el7map | * |
Red Hat Mobile Application Platform 4.5 | RedHat | nagios-plugins-0:2.0.3-3.el7map | * |
Red Hat Mobile Application Platform 4.5 | RedHat | perl-Crypt-CBC-0:2.33-2.el7map | * |
Red Hat Mobile Application Platform 4.5 | RedHat | perl-Crypt-DES-0:2.05-20.el7map | * |
Red Hat Mobile Application Platform 4.5 | RedHat | perl-Net-SNMP-0:6.0.1-7.el7map | * |
Red Hat Mobile Application Platform 4.5 | RedHat | phantomjs-0:1.9.7-3.el7map | * |
Red Hat Mobile Application Platform 4.5 | RedHat | python-meld3-0:0.6.10-1.el7map | * |
Red Hat Mobile Application Platform 4.5 | RedHat | qstat-0:2.11-13.20080912svn311.el7map | * |
Red Hat Mobile Application Platform 4.5 | RedHat | radiusclient-ng-0:0.5.6-9.el7map | * |
Red Hat Mobile Application Platform 4.5 | RedHat | redis-0:2.8.21-2.el7map | * |
Red Hat Mobile Application Platform 4.5 | RedHat | rhmap-fh-openshift-templates-0:4.5.0-11.el7 | * |
Red Hat Mobile Application Platform 4.5 | RedHat | rhmap-mod_authnz_external-0:3.3.1-7.el7map | * |
Red Hat Mobile Application Platform 4.5 | RedHat | sendEmail-0:1.56-2.el7 | * |
Red Hat Mobile Application Platform 4.5 | RedHat | ssmtp-0:2.64-14.el7map | * |
Red Hat Mobile Application Platform 4.5 | RedHat | supervisor-0:3.1.3-3.el7map | * |
Red Hat Mobile Application Platform 4.5 | RedHat | rhmap45/fh-aaa:1.0.5-12 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | rh-git29-git-0:2.9.3-3.el6 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-git29-git-0:2.9.3-3.el7 | * |
Git | Ubuntu | devel | * |
Git | Ubuntu | trusty | * |
Git | Ubuntu | xenial | * |
Git | Ubuntu | zesty | * |