Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:11853
HistoryJan 15, 2019 - 9:08 a.m.

Arbitrary Shell Command Execution

2019-01-1509:08:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14

EPSS

0.08

Percentile

94.3%

JSON

Git-fastclone has a flaw that permits execution of arbitrary shell commands from .gitmodules. Attackers can trigger the execution by instructing a user to run a recursive clone from a repository they control. The attack is possible only if a user configures Git to automatically clone submodules from untrusted sources. The git-remote-ext command will be executed if the local or remote repository is recursively cloned or submodules are updated. The attack can also be triggered when an unencrypted git clone is inserted through a Man-in-the-Middle attack and exploited.

Related

nessus 12
cvelist 1
openvas 12
ubuntu 1
amazon 1
ubuntucve 1
redhat 2
debiancve 1
cve 1
prion 1
debian 2
oraclelinux 2
ibm 1
freebsd 1
nvd 1
centos 1
mageia 1
slackware 1
archlinux 2
hackerone 1
gentoo 1
osv 1
rosalinux 1
nessus
nessus
Debian DSA-3435-1 : git - security update
2016-01-06 00:00:00
Ubuntu 14.04 LTS : Git vulnerability (USN-2835-1)
2015-12-16 00:00:00
RHEL 7 : git (RHSA-2015:2561)
2015-12-09 00:00:00
cvelist
cvelist
CVE-2015-7545
2016-04-13 15:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2835-1)
2015-12-16 00:00:00
Debian: Security Advisory (DSA-3435-1)
2016-01-04 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-613)
2015-12-15 00:00:00
ubuntu
ubuntu
Git vulnerability
2015-12-15 00:00:00
amazon
amazon
Medium: git
2015-12-14 10:00:00
ubuntucve
ubuntucve
CVE-2015-7545
2015-12-09 00:00:00
redhat
redhat
(RHSA-2015:2515) Moderate: git19-git security update
2015-11-25 00:00:00
(RHSA-2015:2561) Moderate: git security update
2015-12-08 10:11:45
debiancve
debiancve
CVE-2015-7545
2016-04-13 15:59:01
cve
cve
CVE-2015-7545
2016-04-13 15:59:01
prion
prion
Design/Logic Flaw
2016-04-13 15:59:00
debian
debian
[SECURITY] [DSA 3435-1] git security update
2016-01-05 21:04:25
[SECURITY] [DSA 3435-1] git security update
2016-01-05 21:04:25
oraclelinux
oraclelinux
git security update
2015-12-08 00:00:00
git19-git security update
2016-02-04 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in git affects PowerKVM (CVE-2015-7545)
2018-06-18 01:30:44
freebsd
freebsd
Git -- Execute arbitrary code
2015-09-23 00:00:00
nvd
nvd
CVE-2015-7545
2016-04-13 15:59:01
centos
centos
emacs, git, gitk, gitweb, perl security update
2015-12-09 19:18:57
mageia
mageia
Updated mercurial packages fix security vulnerability
2016-05-12 23:00:19
slackware
slackware
[slackware-security] mercurial
2016-05-02 20:39:44
archlinux
archlinux
mercurial: arbitrary code execution
2016-05-06 00:00:00
mercurial: arbitrary code execution
2016-04-06 00:00:00
hackerone
hackerone
Square Open Source: git-fastclone allows arbitrary command execution through usage of ext remote URLs in submodules
2015-12-10 06:51:26
gentoo
gentoo
Git: Multiple vulnerabilities
2016-05-02 00:00:00
osv
osv
mercurial-4.0-1.1 on GA media
2024-06-15 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1843
2021-07-02 16:45:45

EPSS

0.08

Percentile

94.3%

JSON
Related for VERACODE:11853
nessus12cvelist1openvas12ubuntu1amazon1ubuntucve1redhat2debiancve1cve1prion1debian2oraclelinux2ibm1freebsd1nvd1centos1mageia1slackware1archlinux2hackerone1gentoo1osv1rosalinux1