Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-09-28T14:00:00

Updated: 2024-08-05T19:42:21.436Z

Reserved: 2017-09-28T00:00:00

Link: CVE-2017-14867

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-09-29T01:34:50.047

Modified: 2024-11-21T03:13:40.097

Link: CVE-2017-14867

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-09-26T00:00:00Z

Links: CVE-2017-14867 - Bugzilla