|
| Description: | | A command execution vulnerability exists in the Git client. A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability. |
|
| Impact: | | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. |
|
| Affected OS: | | Solaris, FreeBSD, Windows, Linux, Other Unix, Mac OS |
|
| Reference: | | SecurityFocusBID:100283
ExploitDB:42599
http://www.debian.org/security/2017/dsa-3934
SecurityTrackerID:1039131
|
|