GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HGit Large File Storage Project Git Large File Storage
APPGit Large File Storage Project< 2.1.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje
Powiązane podatności
CVE-2022-24826CRITICAL9.8ten sam produkt
On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe...
CVE-2020-27955CRITICAL9.8ten sam produkt
Git LFS 2.12.0 allows Remote Code Execution.
CVE-2021-21237HIGH7.2ten sam produkt
Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a ma...