This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Git-Scm
First view: 2016-04-08
Product: Git
Last view: 2020-02-12
Version: 1.0.11
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:git-scm:git

Activity : Overall

Related : CVE

Score Date Alert Description
9.8 2020-02-12 CVE-2014-9390

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine; libgit2; Egit; and JGit allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.

9.8 2018-11-23 CVE-2018-19486

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.

9.8 2018-10-06 CVE-2018-17456

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

7.8 2018-05-30 CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.

7.5 2018-05-30 CVE-2018-11233

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

8.8 2018-02-09 CVE-2018-1000021

Git version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appears to be exploitable via a user interacting with a malicious git server (or having their traffic modified in a MITM attack).

5.5 2017-10-14 CVE-2017-15298

Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.

8.8 2017-10-04 CVE-2017-1000117

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.

8.8 2017-03-19 CVE-2014-9938

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.

9.8 2016-04-08 CVE-2016-2324

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

CWE : Common Weakness Enumeration

% id Name
30% (3) CWE-20 Improper Input Validation
10% (1) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
10% (1) CWE-426 Untrusted Search Path
10% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
10% (1) CWE-125 Out-of-bounds Read
10% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10% (1) CWE-116 Improper Encoding or Escaping of Output
10% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

Snort® IPS/IDS

Date Description
2019-12-10 Git client path validation command execution attempt
RuleID : 52112 - Type : SERVER-WEBAPP - Revision : 1
2019-09-10 Git client path validation command execution attempt
RuleID : 50918 - Type : SERVER-WEBAPP - Revision : 1

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-06090dff59.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-1c1a318a0b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-29afefd172.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-42eab0f5b9.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-75f7624a9f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-abfd4c6ac3.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-b10e54263a.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f467c36c2b.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1136.nasl - Type: ACT_GATHER_INFO
2018-12-20 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1136.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1388.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2485.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1377.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3408.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1093.nasl - Type: ACT_GATHER_INFO
2018-10-22 Name: The remote Fedora host is missing a security update.
File: fedora_2018-d5139c4fd6.nasl - Type: ACT_GATHER_INFO
2018-10-19 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1093.nasl - Type: ACT_GATHER_INFO
2018-10-16 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_8c08ab4cd06c11e8b35c001b217b3468.nasl - Type: ACT_GATHER_INFO
2018-10-15 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7d993184f6.nasl - Type: ACT_GATHER_INFO
2018-10-11 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-283-01.nasl - Type: ACT_GATHER_INFO
2018-10-09 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4311.nasl - Type: ACT_GATHER_INFO
2018-09-11 Name: The version of Atlassian SourceTree installed on the remote host is affected ...
File: atlassian_sourcetree_2_6_9.nasl - Type: ACT_GATHER_INFO
2018-09-11 Name: The version of Atlassian SourceTree installed on the remote host is affected ...
File: atlassian_sourcetree_2_7_6_macosx.nasl - Type: ACT_GATHER_INFO
2018-09-06 Name: The remote Debian host is missing a security update.
File: debian_DLA-1495.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0145.nasl - Type: ACT_GATHER_INFO