Lucene search
GoogleOSV:GHSA-W4XH-W33P-4V29HistoryMay 14, 2022 - 12:55 a.m.
GitHub Git LFS Arbitrary command execution vulnerability
2022-05-1400:55:16
Google
osv.dev
6
github
git lfs
command execution
vulnerability
fix
version 2.1.1
ssh url
repository
lfsconfig file
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a url = line in a .lfsconfig file within a repository.
Specific Go Packages Affected
References
blog.recurity-labs.com/2017-08-10/scm-vulns
www.securityfocus.com/bid/102926
confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html
github.com/git-lfs/git-lfs
github.com/git-lfs/git-lfs/commit/f913f5f9c7c6d1301785fdf9884a2942d59cdf19
github.com/git-lfs/git-lfs/pull/2241
github.com/git-lfs/git-lfs/pull/2242
github.com/git-lfs/git-lfs/releases/tag/v2.1.1
nvd.nist.gov/vuln/detail/CVE-2017-17831
pkg.go.dev/vuln/GO-2021-0073
web.archive.org/web/20200227131639/www.securityfocus.com/bid/102926
Related
veracode
veracode
Remote Command Execution (RCE)
2017-12-22 02:56:22
nvd
nvd
CVE-2017-17831
2017-12-21 06:29:00
debiancve
debiancve
CVE-2017-17831
2017-12-21 06:29:00
cvelist
cvelist
CVE-2017-17831
2017-12-21 06:00:00
github
github
GitHub Git LFS Arbitrary command execution vulnerability
2022-05-14 00:55:16
cve
cve
CVE-2017-17831
2017-12-21 06:29:00
prion
prion
Arbitrary file deletion
2017-12-21 06:29:00
osv
osv
Arbitrary command execution in github.com/git-lfs/git-lfs
2021-04-14 20:04:52
CVE-2017-17831
2017-12-21 06:29:00
ubuntucve
ubuntucve
CVE-2017-17831
2017-12-21 00:00:00
nessus
nessus
Atlassian SourceTree 0.5.1.0 < 2.4.7.0 Multiple Vulnerabilities
2018-02-16 00:00:00
atlassian
atlassian