CVE-2018-17456
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
Affected products
n/a · n/a

Public PoCs found: 11
github: github.com/AnonymKing/CVE-2018-17456 (★ 5)
github: github.com/jiahuiLeee/test (★ 0)
github: github.com/KKkai0315/CVE-2018-17456 (★ 0)
github: github.com/shpik-kr/CVE-2018-17456 (★ 0)
github: github.com/matlink/CVE-2018-17456 (★ 0)
github: github.com/799600966/CVE-2018-17456 (★ 0)
exploitdb: www.exploit-db.com/exploits/45548 (unverified)
cve_reference: www.exploit-db.com/exploits/45548/ (unverified)
cve_reference: www.exploit-db.com/exploits/45631/ (unverified)
exploitdb: www.exploit-db.com/exploits/45631 (unverified)
cve_reference: packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html (unverified)

⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.

References
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html
http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html
https://access.redhat.com/errata/RHSA-2018:3408
https://access.redhat.com/errata/RHSA-2018:3505
https://access.redhat.com/errata/RHSA-2018:3541
https://access.redhat.com/errata/RHSA-2020:0316
https://github.com/git/git/commit/1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404
https://github.com/git/git/commit/a124133e1e6ab5c7a9fef6d0e6bcb084e3455b46
https://marc.info/?l=git&m=153875888916397&w=2
https://seclists.org/bugtraq/2019/Mar/30
https://usn.ubuntu.com/3791-1/
https://www.debian.org/security/2018/dsa-4311