Description: A command execution vulnerability exists in the Git client. A malicious third party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
Impact: An attacker who successfully exploits this vulnerability can execute arbitrary commands in the context of the vulnerable software.
Affected OS: Solaris, FreeBSD, Windows, Linux, Other Unix, Mac OS
Reference: SecurityFocus BID:100283, ExploitDB:42599, http://www.debian.org/security/2017/dsa-3934, SecurityTracker ID:1039131