Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
atlassianDblackATLASSIAN:SRCTREE-5246
HistoryDec 21, 2017 - 5:04 a.m.

Git LFS: Arbitrary command execution in repositories with Git LFS enabled - CVE-2017-17831

2017-12-2105:04:52
dblack
jira.atlassian.com
64

EPSS

0.007

Percentile

80.5%

JSON

The embedded version of [Git LFS|https://git-lfs.github.com] used in Sourcetree for macOS was vulnerable to CVE-2017-17831. An attacker can exploit this issue if they can commit to a git repository linked in Sourcetree for macOS by adding a .lfsconfig file containing a malicious lfs url, allowing them to execute arbitrary code on systems running a vulnerable version of Sourcetree for macOS. This vulnerability can also be triggered from a web page through the use of the Sourcetree URI handler.

Affected versions:

  • Versions of Sourcetree for macOS starting with 2.1 before version 2.7.0 are affected by this vulnerability

Fix:

For additional details see the [full advisory|https://confluence.atlassian.com/x/lIIyO].

Related

atlassian 1
nessus 11
veracode 2
nvd 4
debiancve 2
cvelist 4
github 2
cve 4
osv 9
prion 4
ubuntucve 2
openvas 6
debian 4
hackerone 1
redhatcve 1
mageia 1
rosalinux 1
atlassian
atlassian
Git LFS: Arbitrary command execution in repositories with Git LFS enabled - CVE-2017-17831
2017-12-21 05:04:52
nessus
nessus
Atlassian SourceTree 0.5.1.0 < 2.4.7.0 Multiple Vulnerabilities
2018-02-16 00:00:00
openSUSE Security Update : mercurial (openSUSE-2017-1388)
2017-12-18 00:00:00
EulerOS 2.0 SP3 : mercurial (EulerOS-SA-2021-1816)
2021-04-30 00:00:00
veracode
veracode
Remote Command Execution (RCE)
2017-12-22 02:56:22
Arbitrary Code Execution
2017-12-08 02:42:43
nvd
nvd
CVE-2017-17831
2017-12-21 06:29:00
CVE-2017-14592
2018-01-26 02:29:02
CVE-2017-17458
2017-12-07 18:29:00
debiancve
debiancve
CVE-2017-17831
2017-12-21 06:29:00
CVE-2017-17458
2017-12-07 18:29:00
cvelist
cvelist
CVE-2017-17831
2017-12-21 06:00:00
CVE-2017-14592
2018-01-26 02:00:00
CVE-2017-17458
2017-12-07 18:00:00
github
github
GitHub Git LFS Arbitrary command execution vulnerability
2022-05-14 00:55:16
Mercurial vulnerable to arbitrary code injection
2022-05-13 01:24:56
cve
cve
CVE-2017-17831
2017-12-21 06:29:00
CVE-2017-14592
2018-01-26 02:29:02
CVE-2017-17458
2017-12-07 18:29:00
osv
osv
GitHub Git LFS Arbitrary command execution vulnerability
2022-05-14 00:55:16
Arbitrary command execution in github.com/git-lfs/git-lfs
2021-04-14 20:04:52
CVE-2017-17831
2017-12-21 06:29:00
prion
prion
Arbitrary file deletion
2017-12-21 06:29:00
Command injection
2018-01-26 02:29:00
Code injection
2017-12-07 18:29:00
ubuntucve
ubuntucve
CVE-2017-17831
2017-12-21 00:00:00
CVE-2017-17458
2017-12-07 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1224-1)
2023-03-08 00:00:00
Huawei EulerOS: Security Advisory for mercurial (EulerOS-SA-2021-1816)
2021-05-03 00:00:00
Mageia: Security Advisory (MGASA-2018-0041)
2022-01-28 00:00:00
debian
debian
[SECURITY] [DLA 1414-2] mercurial regression update
2018-07-27 18:52:14
[SECURITY] [DLA 1224-1] mercurial security update
2017-12-28 17:41:16
[SECURITY] [DLA 1414-1] mercurial security update
2018-07-05 21:00:52
hackerone
hackerone
Internet Bug Bounty: Mercurial git subrepo lead to arbritary command injection
2017-12-01 03:32:27
redhatcve
redhatcve
CVE-2017-17458
2017-12-11 09:49:44
mageia
mageia
Updated mercurial packages fix security vulnerability
2018-01-03 17:22:14
rosalinux
rosalinux
Advisory ROSA-SA-2021-1918
2021-07-02 17:29:24

EPSS

0.007

Percentile

80.5%

JSON
Related for ATLASSIAN:SRCTREE-5246
atlassian1nessus11veracode2nvd4debiancve2cvelist4github2cve4osv9prion4ubuntucve2openvas6debian4hackerone1redhatcve1mageia1rosalinux1