CVE-2018-11235

CVE-2018-11235

Name

CVE-2018-11235

Description

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/
Third Party Advisory	https://www.debian.org/security/2018/dsa-4212
Release Notes	https://marc.info/?l=git&m=152761328506724&w=2
Third Party Advisory	http://www.securitytracker.com/id/1040991
Third Party Advisory	http://www.securityfocus.com/bid/104345
Exploit	https://www.exploit-db.com/exploits/44822/
Third Party Advisory	https://usn.ubuntu.com/3671-1/
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:1957
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:2147
Third Party Advisory	https://security.gentoo.org/glsa/201805-13
SUSE	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html

Type

URI

Patch

https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/

Third Party Advisory

https://www.debian.org/security/2018/dsa-4212

Release Notes

https://marc.info/?l=git&m=152761328506724&w=2

Third Party Advisory

http://www.securitytracker.com/id/1040991

Third Party Advisory

http://www.securityfocus.com/bid/104345

Exploit

https://www.exploit-db.com/exploits/44822/

Third Party Advisory

https://usn.ubuntu.com/3671-1/

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1957

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2147

Third Party Advisory

https://security.gentoo.org/glsa/201805-13

SUSE

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:debian:debian_linux:8.0:::::::*`	debian_linux	== None	== 8.0
`cpe:2.3:o:debian:debian_linux:9.0:::::::*`	debian_linux	== None	== 9.0

CPE URI

Source package

Min version

Max version

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

debian_linux

== None

== 8.0

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

debian_linux

== None

== 9.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
git	edge-main	2.17.1-r0	None	fixed
git	3.22-main	2.17.1-r0	None	fixed
git	3.21-main	2.17.1-r0	None	fixed
git	3.20-main	2.17.1-r0	None	fixed
git	3.19-main	2.17.1-r0	None	fixed
git	3.18-main	2.17.1-r0	None	fixed
git	3.17-main	2.17.1-r0	None	fixed
git	3.12-main	2.17.1-r0	None	fixed
git	3.11-main	2.17.1-r0	None	fixed
git	3.10-main	2.17.1-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

git

edge-main

2.17.1-r0

None

fixed

git

3.22-main