CVE-2017-14867

Description

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.

Risk Information

Base Score: 8.8 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 6.968

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git (X64) 2.11.0 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git (X64) 2.11.1 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git (X64) 2.11.2 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git (X64) 2.12.0 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git (X64) 2.12.1 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git (X64) 2.12.2 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git (X64) 2.12.3 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git (X64) 2.13.0 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git (X64) 2.13.1 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git (X64) 2.13.2 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git (X64) 2.13.3 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git (X64) 2.13.4 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git (X64) 2.14.0 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git 2.11.0 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git 2.11.1 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git 2.11.2 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git 2.12.0 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git 2.12.1 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git 2.12.2 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git 2.12.3 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git 2.13.0 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git 2.13.1 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git 2.13.2 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git 2.13.3 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git 2.13.4 | Windows
Vulnerabilities CVE-2017-1000117, CVE-2017-14867 are affected in Git 2.14.0 | Windows
Vulnerabilities CVE-2017-14867 are affected in Git (X64) 2.10.4-- | Windows
Vulnerabilities CVE-2017-14867 are affected in Git (X64) 2.11.3 | Windows
Vulnerabilities CVE-2017-14867 are affected in Git (X64) 2.12.4 | Windows
Vulnerabilities CVE-2017-14867 are affected in Git (X64) 2.13.5 | Windows
Vulnerabilities CVE-2017-14867 are affected in Git (X64) 2.14.1 | Windows
Vulnerabilities CVE-2017-14867 are affected in Git 2.10.4-- | Windows
Vulnerabilities CVE-2017-14867 are affected in Git 2.11.3 | Windows
Vulnerabilities CVE-2017-14867 are affected in Git 2.12.4 | Windows
Vulnerabilities CVE-2017-14867 are affected in Git 2.13.5 | Windows
Vulnerabilities CVE-2017-14867 are affected in Git 2.14.1 | Windows
fast, scalable, distributed revision control system (USN-3387-1) git_1.9.1-1ubuntu0.7_i386.deb | Linux
fast, scalable, distributed revision control system (USN-3438-1) git_1.9.1-1ubuntu0.7_amd64.deb | Linux
fast, scalable, distributed revision control system (USN-3438-1) git_2.7.4-0ubuntu1.3_i386.deb | Linux
fast, scalable, distributed revision control system (USN-3438-1) git_2.7.4-0ubuntu1.3_amd64.deb | Linux
fast, scalable, distributed revision control system (USN-3438-1) git_2.11.0-2ubuntu0.3_i386.deb | Linux
fast, scalable, distributed revision control system (USN-3438-1) git_2.11.0-2ubuntu0.3_amd64.deb | Linux
SUSE-SU-2017:2747-1 (SUSE Linux Enterprise Server 12-SP2) git-core-2.12.3-27.9.1.x86_64.rpm | Linux
SUSE-SU-2017:2747-1 (SUSE Linux Enterprise Server 12-SP2) git-core-debuginfo-2.12.3-27.9.1.x86_64.rpm | Linux
SUSE-SU-2017:2747-1 (SUSE Linux Enterprise Server 12-SP2) git-debugsource-2.12.3-27.9.1.x86_64.rpm | Linux
SUSE-SU-2017:2747-1 (SUSE Linux Enterprise Server 12-SP2) git-doc-2.12.3-27.9.1.noarch.rpm | Linux
Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability (CVE-2017-14867) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:
Patch ID | Patch Description
PATCH-352878 | Git (x64) (2.51.2)
PATCH-350752 | Git (2.50.1)
