CRITICAL 9.8 Publié le 2018-11-23

CVE-2018-19486

EN Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS 0.7% percentile 71.4%

Apps suivies affectées

Git

winget:Git.Git

1 ouverte

Configurations CPE vulnérables

Vendor	Produit	Plateforme	Versions	CPE 2.3 URI
git-scm	git	Windows	<2.19.2	cpe:2.3:a:git-scm:git::::::::

Voir sur NVD ↗