Code execution bug in malicious repositories resolved by Git Project
#1
Quote: The Git Project has disclosed the existence of a severe vulnerability which can lead to the execution of arbitrary code.

The vulnerability, CVE-2018-17456, was disclosed on Friday. The option-injection attack can be used to compromise the software's submodules. Malicious repositories which are cloned and use a .gitmodules file with a URL field beginning with a '-' character can be used to execute code at the time of processing.

CVE-2018-17456
is similar to CVE-2017-1000117, another option-injection attack which related to the handling of "ssh" URLs in Git software. The latter issue could be used to execute shell commands with the privileges of the user running the Git client when performing a clone action on a malicious repository.

Source: https://www.zdnet.com/article/code-execu...t-project/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
K-Lite Codec Pack 15.9.1 Update
Changes in 19.0.0 ...Kool — 05:00
QOwnNotes 19.1.6
25.6.1 A segmen...Kool — 15:34
Privazer 4.0.19
PrivaZer version v...Kool — 08:36
AMD announces Ryzen AI Z2 Extreme and Ry...
AMD is announcing ...harlan4096 — 08:12
AMD expands FSR4 game list to 65 titles,...
AMD adds more FSR4...harlan4096 — 08:10

[-]
Birthdays
Today's Birthdays
avatar (41)zacforat
avatar (46)NemrokReks
Upcoming Birthdays
avatar (38)Tedscolo
avatar (45)brakasig
avatar (44)JamesReshy
avatar (46)Francisemefe
avatar (39)leoniDup
avatar (38)Patrizaancem
avatar (38)biobdam
avatar (37)Barrackleve
avatar (39)Julioagopy
avatar (49)aolaupitt2558
avatar (39)storoBox
avatar (47)kinotHeemn
avatar (38)Ceballos1976
avatar (39)efynu
avatar (31)horancos

[-]
Online Staff
There are no staff members currently online.

>