CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
52.5%
GIT version 2.15.1 and earlier contains a Input Validation Error
vulnerability in Client that can result in problems including messing up
terminal configuration to RCE. This attack appear to be exploitable via The
user must interact with a malicious git server, (or have their traffic
modified in a MITM attack).
Author | Note |
---|---|
eslerm | no fix mentioned upstream |
mdeslaur | This is really an issue with terminal emulators that allow executing arbitrary code by displaying ANSI escape sequences. Terminal emulators in Ubuntu do not allow executing arbitrary code, so this issue is moot. It is unlikely that git will ever fix this CVE to protect against vulnerable terminal emulators. |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
52.5%