cve 2017 14867

About this tag
CVE-2017-14867 is a critical OS command injection vulnerability in Git's cvsserver subcommand. The flaw resides in unsafe Perl scripts that allow shell metacharacters in a module name to be interpreted as operating system commands, enabling remote code execution. This vulnerability affects multiple Git release lines and is reachable even when CVS support is not explicitly enabled via git-shell. The tag covers discussions about the vulnerability's background, impact, and mitigation steps, including patching guidance for affected Git versions. Users and administrators should apply the official patch to prevent exploitation of this remote command execution flaw.
  1. CVE-2017-14867: Git CVSServer OS Command Injection and Patch Guide

    Git’s cvsserver subcommand contained a dangerous, long-lived flaw: unsafe Perl scripts allowed shell metacharacters in a module name to become OS commands, enabling remote command execution — a vulnerability tracked as CVE-2017-14867 that affected multiple Git release lines and was reachable...