vulnerability
Amazon Linux AMI 2: CVE-2018-17456: Security patch for git (ALAS-2018-1093)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Oct 6, 2018 | Apr 27, 2020 | Nov 27, 2024 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Oct 6, 2018
Added
Apr 27, 2020
Modified
Nov 27, 2024
Description
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
Solutions
amazon-linux-ami-2-upgrade-gitamazon-linux-ami-2-upgrade-git-allamazon-linux-ami-2-upgrade-git-coreamazon-linux-ami-2-upgrade-git-core-docamazon-linux-ami-2-upgrade-git-cvsamazon-linux-ami-2-upgrade-git-daemonamazon-linux-ami-2-upgrade-git-debuginfoamazon-linux-ami-2-upgrade-git-emailamazon-linux-ami-2-upgrade-git-gnome-keyringamazon-linux-ami-2-upgrade-git-guiamazon-linux-ami-2-upgrade-git-p4amazon-linux-ami-2-upgrade-git-svnamazon-linux-ami-2-upgrade-gitkamazon-linux-ami-2-upgrade-gitwebamazon-linux-ami-2-upgrade-perl-gitamazon-linux-ami-2-upgrade-perl-git-svn
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.