Code execution bug in malicious repositories resolved by Git Project
#1
Quote: The Git Project has disclosed the existence of a severe vulnerability which can lead to the execution of arbitrary code.

The vulnerability, CVE-2018-17456, was disclosed on Friday. The option-injection attack can be used to compromise the software's submodules. Malicious repositories which are cloned and use a .gitmodules file with a URL field beginning with a '-' character can be used to execute code at the time of processing.

CVE-2018-17456
is similar to CVE-2017-1000117, another option-injection attack which related to the handling of "ssh" URLs in Git software. The latter issue could be used to execute shell commands with the privileges of the user running the Git client when performing a clone action on a malicious repository.

Source: https://www.zdnet.com/article/code-execu...t-project/
[-] The following 1 user says Thank You to silversurfer for this post:
  â€˘ harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
WhatsApp Launches New Username Feature ...
WhatsApp Opens Usern...harlan4096 — 17:12
AnyDesk 9.7.9 for Windows
Version 9.7.9 for ...harlan4096 — 15:57
uBOLite 2026.705.2152 (already available...
uBOLite 2026.705.2...harlan4096 — 10:23
Microsoft Warns Windows 11 Enterprise De...
Microsoft has issu...harlan4096 — 10:22
QOwnNotes
26.7.1 Added a ne...Kool — 05:26

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>