HIGH✓ PATCH🇬🇧 English

CVE-2017-17831

CVSS 8.8v3.0pub. 2017-12-21upd. 2026-05-13

GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Git Large File Storage Project Git Large File Storage

    APP
    Git Large File Storage Project
    < 2.1.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2022-24826CRITICAL9.8ten sam produkt

On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe...

CVE-2020-27955CRITICAL9.8ten sam produkt

Git LFS 2.12.0 allows Remote Code Execution.

CVE-2021-21237HIGH7.2ten sam produkt

Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a ma...