CVE-2015-7545
Description
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
34.729
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| fast, scalable, distributed revision control system (USN-2835-1) git_2.5.0-1_i386.deb | Linux |
| fast, scalable, distributed revision control system (USN-2835-1) git_2.5.0-1_amd64.deb | Linux |
| fast, scalable, distributed revision control system (USN-2835-1) git_2.1.4-2.1ubuntu0.1_i386.deb | Linux |
| fast, scalable, distributed revision control system (USN-2835-1) git_2.1.4-2.1ubuntu0.1_amd64.deb | Linux |
| git security update (DSA-3521-1) git_2.1.4-2.1+deb8u2_i386.deb | Linux |
| git security update (DSA-3521-1) git_2.1.4-2.1+deb8u2_amd64.deb | Linux |
| git security update (DSA-3521-1) git_1.7.10.4-1+wheezy3_i386.deb | Linux |
| Improper Input Validation Vulnerability (CVE-2015-7545) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234