CVE-2017-8386
HIGH8.8EPSS 71.5%git - security update
發布日:2017/6/1修改日:2026/4/28
描述
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
受影響套件(4)
- Alpine/gitfrom 0, < 2.6.7-r0
- Debian/gitfrom 0, < 1:2.11.0-3
- Debian/gitfrom 0, < 1:1.7.10.4-1+wheezy4
- Debian/gitfrom 0, < 1:2.1.4-2.1+deb8u3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |