CVE-2017-12976

HIGH8.8EPSS 0.27%

git-annex - security update

發布日:2025/11/14修改日:2026/4/28

描述

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.

受影響套件(5)

Debian/git-annexfrom 0, < 6.20170818-1
Debian/git-annexfrom 0, < 3.20120629+deb7u1
Debian/git-annexfrom 0, < 5.20141125+oops-1+deb8u2
Debian/git-annexfrom 0, < 5.20141125+deb8u1
Hackage/git-annexfrom 0, < 6.20170818

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

參考連結(3)

ADVISORYhttps://git-annex.branchable.com/security/CVE-2017-12976/
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2017-12976
PATCHhttp://source.git-annex.branchable.com/?p=source.git;a=commitdiff;h=df11e54788b254efebb4898b474de11ae8d3b471