Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when “git clone –recurse-submodules” is used. (CVE-2018-11235)

It was discovered that an integer overflow existed in git’s pathname sanity checking code when used on NTFS filesystems. An attacker could use this to cause a denial of service or expose sensitive information. (CVE-2018-11233)

Affected Cloud Foundry Products and Versions

Severity is high unless otherwise noted.

All versions of Cloud Foundry cflinuxfs2 prior to 1.213.0

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.213.0 or later.

References

USN-3671-1
CVE-2018-11233
CVE-2018-11235

nessus 42

openvas 37

amazon 2

fedora 15

photon 4

mageia 1

gentoo 1

freebsd 2

apple 2

redhat 2

slackware 1

threatpost 1

archlinux 1

suse 4

ubuntu 1

debiancve 2

veracode 3

osv 3

cvelist 2

nvd 2

prion 2

cve 2

redhatcve 2

ubuntucve 2

alpinelinux 2

exploitdb 2

debian 2

ibm 1

checkpoint_advisories 1

packetstorm 2

centos 1

zdt 2

oraclelinux 1

exploitpack 1

rosalinux 1

nessus

Fedora 27 : git (2018-080a3d7866)

2018-06-04 00:00:00

SUSE SLES12 Security Update : git (SUSE-SU-2018:1566-1)

2018-06-08 00:00:00

openSUSE Security Update : git (openSUSE-2019-410)

2019-03-27 00:00:00

openvas

Ubuntu: Security Advisory (USN-3671-1)

2018-06-07 00:00:00

Apple Xcode Code < 9.4.1 Multiple Vulnerabilities

2018-06-14 00:00:00

Mageia: Security Advisory (MGASA-2018-0267)

2022-01-28 00:00:00

amazon

Important: git

2018-06-08 18:31:00

Important: git

2018-06-07 23:44:00

fedora

[SECURITY] Fedora 28 Update: git-2.17.1-2.fc28

2018-06-01 12:06:15

[SECURITY] Fedora 28 Update: git-2.17.2-1.fc28

2018-10-10 22:47:45

[SECURITY] Fedora 27 Update: git-2.14.4-1.fc27

2018-06-01 12:21:29

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0145

2018-06-04 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0053

2018-06-04 00:00:00

Important Photon OS Security Update - PHSA-2018-0053

2018-06-04 00:00:00

mageia

Updated git packages fix security vulnerabilities

2018-06-03 14:02:21

gentoo

Git: Multiple vulnerabilities

2018-05-30 00:00:00

freebsd

Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235)

2018-05-29 00:00:00

Libgit2 -- Fixing insufficient validation of submodule names

2018-05-29 00:00:00

apple

About the security content of Xcode 9.4.1

2018-06-13 00:00:00

About the security content of Xcode 9.4.1 - Apple Support

2018-06-13 05:39:31

redhat

(RHSA-2018:2147) Important: rh-git29-git security update

2018-07-10 08:08:55

(RHSA-2018:1957) Important: git security update

2018-06-20 22:09:22

slackware

[slackware-security] git

2018-06-01 21:57:46

threatpost

Bug In Git Opens Developer Systems Up to Attack

2018-05-30 20:12:47

archlinux

[ASA-201806-1] git: multiple issues

2018-06-01 00:00:00

suse

Security update for git (important)

2018-06-06 03:06:59

Security update for libgit2 (important)

2018-08-25 00:07:49

Security update for libgit2 (moderate)

2018-10-27 00:24:13

ubuntu

Git vulnerabilities

2018-06-05 00:00:00

debiancve

CVE-2018-11233

2018-05-30 04:29:00

CVE-2018-11235

2018-05-30 04:29:00

veracode

Information Disclosure

2019-01-15 09:24:57

Remote Code Execution (RCE)

2019-01-15 09:24:01

Remote Code Execution (RCE)

2018-06-07 04:52:21

osv

CVE-2018-11233

2018-05-30 04:29:00

CVE-2018-11235

2018-05-30 04:29:00

git - security update

2018-05-29 00:00:00

cvelist

CVE-2018-11233

2018-05-30 04:00:00

CVE-2018-11235

2018-05-30 04:00:00

nvd

CVE-2018-11233

2018-05-30 04:29:00

CVE-2018-11235

2018-05-30 04:29:00

prion

Out-of-bounds

2018-05-30 04:29:00

Directory traversal

2018-05-30 04:29:00

cve

CVE-2018-11233

2018-05-30 04:29:00

CVE-2018-11235

2018-05-30 04:29:00

redhatcve

CVE-2018-11233

2018-05-30 00:49:28

CVE-2018-11235

2018-05-30 00:49:00

ubuntucve

CVE-2018-11233

2018-05-30 00:00:00

CVE-2018-11235

2018-05-30 00:00:00

alpinelinux

CVE-2018-11233

2018-05-30 04:29:00

CVE-2018-11235

2018-05-30 04:29:00

exploitdb

Git < 2.17.1 - Remote Code Execution

2018-06-01 00:00:00

Git Submodule - Arbitrary Code Execution

2018-10-16 00:00:00

debian

[SECURITY] [DSA 4212-1] git security update

2018-05-29 20:44:01

[SECURITY] [DSA 4212-1] git security update

2018-05-29 20:44:01

ibm

Security Bulletin: A vulnerability in git affects PowerKVM

2018-09-26 17:55:02

checkpoint_advisories

Git Submodules Directory Traversal (CVE-2018-11235)

2020-02-25 00:00:00

packetstorm

Git Remote Code Execution

2018-06-01 00:00:00

Git Submodule Arbitrary Code Execution

2018-10-17 00:00:00

centos

emacs, git, gitk, gitweb, perl security update

2018-06-22 17:15:23

zdt

Git < 2.17.1 - Remote Code Execution Exploit

2018-06-01 00:00:00

Sourcetree Remote Code Execution Exploit

2018-07-25 00:00:00

oraclelinux

git security update

2018-06-20 00:00:00

exploitpack

Git Submodule - Arbitrary Code Execution

2018-10-16 00:00:00

rosalinux

Advisory ROSA-SA-2021-1843

2021-07-02 16:45:45

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.018 Low

EPSS

Percentile

88.1%

JSON

Related for CFOUNDRY:AA695C18E58815C20B5513A41FAEAAE9