Arbitrary Argument Injection Affecting git package, versions <1:2.7.4-0ubuntu1.5


Severity

Recommended
medium

Based on Ubuntu security rating

    Threat Intelligence

    Exploit Maturity
    Mature
    EPSS
    21.55% (97th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-UBUNTU1604-GIT-340828
  • published 6 Oct 2018
  • disclosed 6 Oct 2018

How to fix?

Upgrade Ubuntu:16.04 git to version 1:2.7.4-0ubuntu1.5 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu. See How to fix? for Ubuntu:16.04 relevant fixed versions and status.

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.