Git OS Command Injection Vulnerability - CVE-2017-14867

oval:org.cisecurity:def:5141

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.

Family: windows
Status: ACCEPTED
Platform(s):
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows 10
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows 7
  • Microsoft Windows Server 2016
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2008
Class: vulnerability
Reference(s):
  • CVE-2017-14867
Product(s):