VDB
DEBIAN-CVE-2018-17456
DEBIAN-CVE-2018-17456
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
Risk Scores
CVSS 3.0
9.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | git | 0, 0, 0 |
| Debian:11 | git | 0, 0, 0 |
| Debian:12 | git | 0, 0, 0 |
| Debian:14 | git | 0, 0, 0 |
Exploit Intelligence
- 799600966/CVE-2018-17456 (github-poc-repo)
- CVE-2018-17456漏洞复现(PoC+Exp) (github-poc-repo)
- CVE-2018-17456复现 (github-poc-repo)
- a test repository for CVE-2018-17456's PoC (github-poc-repo)
- a test repository for CVE-2018-17456's PoC (github-poc)
- CVE-2018-17456复现 (github-poc)
- CVE-2018-17456漏洞复现(PoC+Exp) (github-poc)
- 799600966/CVE-2018-17456 (github-poc)
- matlink/CVE-2018-17456 (github-poc)
- 1-day (github-poc)
Timeline
- Oct 6, 2018 CVE Published
- Apr 28, 2026 CVE Updated