GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).
References
Link | Resource |
---|---|
http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html | Third Party Advisory |
http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html | Third Party Advisory |
Configurations
History
21 Nov 2024, 03:39
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html - Third Party Advisory |
24 Oct 2024, 17:58
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 5.0 |
Information
Published : 2018-02-09 23:29
Updated : 2024-11-21 03:39
NVD link : CVE-2018-1000021
Mitre link : CVE-2018-1000021
CVE.ORG link : CVE-2018-1000021
JSON object : View
Products Affected
git-scm
- git
CWE
CWE-20
Improper Input Validation