VDB
ALPINE-CVE-2017-8386
ALPINE-CVE-2017-8386
PUBLISHED
CVSS 8.800000190734863 HIGH
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
Risk Scores
CVSS 3.0
8.800000190734863
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.3 | git | 0, 1.6.0.4-r1, 1.6.0.4-r2 |
Exploit Intelligence
- PoC for CVE-2017-8386 Git-Shell sandbox bypass vulnerability. (github-poc-repo)
- PoC for CVE-2017-8386 Git-Shell sandbox bypass vulnerability. (github-poc)
Timeline
- Jun 1, 2017 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 15, 2026 CVE Updated