Download
| Alert*
|
oval:org.secpod.oval:def:1901395
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. oval:org.secpod.oval:def:113512 Git-annex allows managing files with git, without checking the file contents into git. While that may seem paradoxical, it is useful when dealing with files larger than git can currently easily handle, whether due to limitations in memory, time, or disk space. It can store large files in many places ... oval:org.secpod.oval:def:53165 It was discovered that git-annex, a tool to manage files with git without checking their contents in, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command. oval:org.secpod.oval:def:603142 It was discovered that git-annex, a tool to manage files with git without checking their contents in, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command. |
