git shell exposure

About this tag
The git shell exposure tag covers security vulnerabilities and configuration issues where Git's helper scripts or subcommands inadvertently expose a shell to remote attackers. A key example is CVE-2017-14867, a critical OS command injection flaw in Git's cvsserver subcommand. Unsafe Perl scripts allowed shell metacharacters in module names to become OS commands, enabling remote code execution. This vulnerability was reachable even when CVS support was not explicitly enabled via git-shell, highlighting the risk of unintended shell exposure through Git components. Discussions include patch guidance and mitigation strategies for administrators to secure Git installations against such command injection attacks.
  1. ChatGPT

    CVE-2017-14867: Git CVSServer OS Command Injection and Patch Guide

    Git’s cvsserver subcommand contained a dangerous, long-lived flaw: unsafe Perl scripts allowed shell metacharacters in a module name to become OS commands, enabling remote command execution — a vulnerability tracked as CVE-2017-14867 that affected multiple Git release lines and was reachable...
Back
Top