Lucene search

K

GoogleOSV:CVE-2017-8386

HistoryJun 01, 2017 - 4:29 p.m.

CVE-2017-8386

2017-06-0116:29:00

Google

osv.dev

7

8.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.

CPENameOperatorVersion
giteq2.5.0-r0
giteq1.6.4.2-r0
giteq1.6.5.3-r0
giteq1.7.9.5-r0
giteq1.6.1-r0
giteq1.8.3-r0
giteq1.8.5.1-r0
giteq1.6.0.4-r1
giteq1.8.3.2-r0
giteq1.7.11.4-r0

Rows per page:

1-10 of 1831

References

lists.opensuse.org/opensuse-updates/2017-05/msg00090.html

public-inbox.org/git/xmqq8tm5ziat.fsf%40gitster.mtv.corp.google.com/

www.debian.org/security/2017/dsa-3848

www.securityfocus.com/bid/98409

www.securitytracker.com/id/1038479

www.ubuntu.com/usn/USN-3287-1

access.redhat.com/errata/RHSA-2017:2004

access.redhat.com/errata/RHSA-2017:2491

insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/

kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ISHYFLM2ACYHHY3JHCLF75X7UF4ZMDM/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPYRN7APMHY4ZFDPAKD22J5R4QJFY2JP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDS3LSJJ3YGGQYIVPKQDVOCXWDSF6JGF/

security.gentoo.org/glsa/201706-04

8.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

Related for OSV:CVE-2017-8386