CVE-2018-19486

CVE-2018-19486

Name

CVE-2018-19486

Description

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Release Notes	https://git.kernel.org/pub/scm/git/git.git/tree/Documentation/RelNotes/2.19.2.txt
Mailing List	https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60
Third Party Advisory	https://usn.ubuntu.com/3829-1/
Third Party Advisory	http://www.securitytracker.com/id/1042166
Third Party Advisory	http://www.securityfocus.com/bid/106020
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3800
GENTOO	https://security.gentoo.org/glsa/201904-13

Type

URI

Release Notes

https://git.kernel.org/pub/scm/git/git.git/tree/Documentation/RelNotes/2.19.2.txt

Mailing List

https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60

Third Party Advisory

https://usn.ubuntu.com/3829-1/

Third Party Advisory

http://www.securitytracker.com/id/1042166

Third Party Advisory

http://www.securityfocus.com/bid/106020

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3800

GENTOO

https://security.gentoo.org/glsa/201904-13

References

Match rules

Vulnerable and fixed packages