CVE-2017-8386
HIGH8.8EPSS 71.5%git - security update
Published: 6/1/2017Modified: 4/28/2026
Description
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
Affected packages (4)
- Alpine/gitfrom 0, < 2.6.7-r0
- Debian/gitfrom 0, < 1:2.11.0-3
- Debian/gitfrom 0, < 1:1.7.10.4-1+wheezy4
- Debian/gitfrom 0, < 1:2.1.4-2.1+deb8u3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |