CRITICAL 9.8
CVE-2018-17456
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
62.6%
percentile 98.4%
Affected tracked apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| git-scm | git | Windows | ≥2.14.0 <2.14.5 | cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* |
| git-scm | git | Windows | ≥2.15.0 <2.15.3 | cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* |
| git-scm | git | Windows | ≥2.16.0 <2.16.5 | cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* |
| git-scm | git | Windows | ≥2.17.0 <2.17.2 | cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* |
| git-scm | git | Windows | ≥2.18.0 <2.18.1 | cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* |
| git-scm | git | Windows | ≥2.19.0 <2.19.1 | cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* |