Git git clone Remote Code Execution Vulnerability

By GIXnews

A vulnerability in Git could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability is due to insufficient validation of .gitmodules files by the affected software. An attacker could exploit this vulnerability by creating a project containing a .gitmodules file that has a URL field beginning with a - character and persuading a user to run the git clone --recurse-submodules command to clone the project. An exploit could allow the attacker to execute arbitrary code on the system.
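A defender-side check for the condition described above, as an added example that is not part of the advisory or of Git's own code: it scans .gitmodules text for submodule URL values that begin with a - character, so a repository can be inspected before it is cloned with git clone --recurse-submodules. The function name find_dash_urls and the sample data are constructed for illustration, and the parser is a simplification of Git's config format.

```python
import re

# Simplified .gitmodules reader (assumption: one "key = value" per line, no
# continuations or inline comments); this is not Git's own config parser.
SECTION_RE = re.compile(r'^\[submodule\s+"(?P<name>.*)"\]$')
KEYVAL_RE = re.compile(r'^(?P<key>[A-Za-z][A-Za-z0-9-]*)\s*=\s*(?P<value>.*)$')

def find_dash_urls(gitmodules_text):
    """Return (submodule name, url) pairs whose url value begins with '-'."""
    findings, current = [], None
    for raw in gitmodules_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section = SECTION_RE.match(line)
            # Keys under any non-submodule section are ignored.
            current = section.group("name") if section else None
            continue
        keyval = KEYVAL_RE.match(line)
        if current is None or not keyval or keyval.group("key").lower() != "url":
            continue
        value = keyval.group("value").strip()
        # Drop surrounding double quotes so a quoted value is checked too.
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        if value.startswith("-"):
            findings.append((current, value))
    return findings

# Constructed sample input, not taken from any real repository.
SAMPLE = """\
[submodule "docs"]
    path = docs
    url = https://example.com/docs.git
[submodule "vendored"]
    path = vendored
    url = -placeholder-option-like-value
[submodule "quoted"]
    path = quoted
    url = "-placeholder-quoted"
"""

if __name__ == "__main__":
    for name, url in find_dash_urls(SAMPLE):
        print(f"submodule {name!r}: url {url!r} begins with '-'")
```

A non-empty result means the repository should not be cloned recursively with an unpatched Git until the flagged entries have been reviewed.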

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

Git has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-17456

Source: Cisco Multivendor Vulnerability Alerts