CVE-2018-17456 - RCE for Git submodule - 資安
By David
at 2018-10-08T22:45
at 2018-10-08T22:45
Table of Contents
https://www.cvedetails.com/cve/CVE-2018-17456/
Git allows remote code execution during processing of a recursive "git clone" of a superproject if
a .gitmodules file has a URL field beginning with a '-' character.
Vulnerability Version
- before 2.14.5
- 2.15.x before 2.15.3
- 2.16.x before 2.16.5
- 2.17.x before 2.17.2
- 2.18.x before 2.18.1
- 2.19.x before 2.19.1
----
可以參考 https://blog.github.com/2018-10-05-git-submodule-vulnerability/
除了不要亂連別人的連結之外 也不能亂 clone 別人的 Git Project 了
--
Git allows remote code execution during processing of a recursive "git clone" of a superproject if
a .gitmodules file has a URL field beginning with a '-' character.
Vulnerability Version
- before 2.14.5
- 2.15.x before 2.15.3
- 2.16.x before 2.16.5
- 2.17.x before 2.17.2
- 2.18.x before 2.18.1
- 2.19.x before 2.19.1
----
可以參考 https://blog.github.com/2018-10-05-git-submodule-vulnerability/
除了不要亂連別人的連結之外 也不能亂 clone 別人的 Git Project 了
--
Tags:
資安
All Comments
By Poppy
at 2018-10-12T23:36
at 2018-10-12T23:36
By Eartha
at 2018-10-17T00:27
at 2018-10-17T00:27
Related Posts
CEH 考試經驗分享 2018/9
By Christine
at 2018-10-08T11:16
at 2018-10-08T11:16
白帽菁英萌芽計劃:花蓮場
By Bethany
at 2018-10-05T16:48
at 2018-10-05T16:48
中國監督網路新規,可入營業場所和機房
By Caitlin
at 2018-10-05T11:54
at 2018-10-05T11:54
美超微 伺服器主機板中被發現有hack晶片
By Quanna
at 2018-10-05T10:05
at 2018-10-05T10:05
美警告中國駭客入侵 對科技公司發動攻擊
By Selena
at 2018-10-05T07:39
at 2018-10-05T07:39