VDB
DEBIAN-CVE-2017-14867
DEBIAN-CVE-2017-14867
PUBLISHED
CVSS 8.800000190734863 HIGH
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
Risk Scores
CVSS v3.0
8.800000190734863
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | git | 0, 0, 0 |
| Debian:11 | git | 0, 0, 0 |
| Debian:12 | git | 0, 0, 0 |
| Debian:14 | git | 0, 0, 0 |
Timeline
- Sep 29, 2017 CVE Published
- Apr 28, 2026 CVE Updated