CVE-2017-8386 (GCVE-0-2017-8386)

Vulnerability from cvelistv5 – Published: 2017-06-01 16:00 – Updated: 2024-08-05 16:34
VLAI
Summary
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://public-inbox.org/git/xmqq8tm5ziat.fsf%40gi… mailing-listx_refsource_MLIST
http://www.ubuntu.com/usn/USN-3287-1 vendor-advisoryx_refsource_UBUNTU
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
https://security.gentoo.org/glsa/201706-04 vendor-advisoryx_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
https://insinuator.net/2017/05/git-shell-bypass-b… x_refsource_MISC
https://kernel.googlesource.com/pub/scm/git/git/+… x_refsource_CONFIRM
http://www.securitytracker.com/id/1038479 vdb-entryx_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:2491 vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2017-0… vendor-advisoryx_refsource_SUSE
https://access.redhat.com/errata/RHSA-2017:2004 vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/98409 vdb-entryx_refsource_BID
http://www.debian.org/security/2017/dsa-3848 vendor-advisoryx_refsource_DEBIAN
Date Public
2017-05-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:34:22.740Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[git] 20170510 [ANNOUNCE] Git v2.12.3 and others",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://public-inbox.org/git/xmqq8tm5ziat.fsf%40gitster.mtv.corp.google.com/"
          },
          {
            "name": "USN-3287-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3287-1"
          },
          {
            "name": "FEDORA-2017-01a7989fc0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ISHYFLM2ACYHHY3JHCLF75X7UF4ZMDM/"
          },
          {
            "name": "FEDORA-2017-f4319b6dfc",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPYRN7APMHY4ZFDPAKD22J5R4QJFY2JP/"
          },
          {
            "name": "GLSA-201706-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201706-04"
          },
          {
            "name": "FEDORA-2017-7ea0e02914",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDS3LSJJ3YGGQYIVPKQDVOCXWDSF6JGF/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5"
          },
          {
            "name": "1038479",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038479"
          },
          {
            "name": "RHSA-2017:2491",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2491"
          },
          {
            "name": "openSUSE-SU-2017:1422",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2017-05/msg00090.html"
          },
          {
            "name": "RHSA-2017:2004",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2004"
          },
          {
            "name": "98409",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98409"
          },
          {
            "name": "DSA-3848",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3848"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-05-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[git] 20170510 [ANNOUNCE] Git v2.12.3 and others",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://public-inbox.org/git/xmqq8tm5ziat.fsf%40gitster.mtv.corp.google.com/"
        },
        {
          "name": "USN-3287-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3287-1"
        },
        {
          "name": "FEDORA-2017-01a7989fc0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ISHYFLM2ACYHHY3JHCLF75X7UF4ZMDM/"
        },
        {
          "name": "FEDORA-2017-f4319b6dfc",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPYRN7APMHY4ZFDPAKD22J5R4QJFY2JP/"
        },
        {
          "name": "GLSA-201706-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201706-04"
        },
        {
          "name": "FEDORA-2017-7ea0e02914",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDS3LSJJ3YGGQYIVPKQDVOCXWDSF6JGF/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5"
        },
        {
          "name": "1038479",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038479"
        },
        {
          "name": "RHSA-2017:2491",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2491"
        },
        {
          "name": "openSUSE-SU-2017:1422",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2017-05/msg00090.html"
        },
        {
          "name": "RHSA-2017:2004",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2004"
        },
        {
          "name": "98409",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98409"
        },
        {
          "name": "DSA-3848",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3848"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-8386",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[git] 20170510 [ANNOUNCE] Git v2.12.3 and others",
              "refsource": "MLIST",
              "url": "http://public-inbox.org/git/xmqq8tm5ziat.fsf@gitster.mtv.corp.google.com/"
            },
            {
              "name": "USN-3287-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3287-1"
            },
            {
              "name": "FEDORA-2017-01a7989fc0",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ISHYFLM2ACYHHY3JHCLF75X7UF4ZMDM/"
            },
            {
              "name": "FEDORA-2017-f4319b6dfc",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPYRN7APMHY4ZFDPAKD22J5R4QJFY2JP/"
            },
            {
              "name": "GLSA-201706-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201706-04"
            },
            {
              "name": "FEDORA-2017-7ea0e02914",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDS3LSJJ3YGGQYIVPKQDVOCXWDSF6JGF/"
            },
            {
              "name": "https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/",
              "refsource": "MISC",
              "url": "https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/"
            },
            {
              "name": "https://kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5",
              "refsource": "CONFIRM",
              "url": "https://kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5"
            },
            {
              "name": "1038479",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038479"
            },
            {
              "name": "RHSA-2017:2491",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2491"
            },
            {
              "name": "openSUSE-SU-2017:1422",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2017-05/msg00090.html"
            },
            {
              "name": "RHSA-2017:2004",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2004"
            },
            {
              "name": "98409",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98409"
            },
            {
              "name": "DSA-3848",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3848"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-8386",
    "datePublished": "2017-06-01T16:00:00.000Z",
    "dateReserved": "2017-05-01T00:00:00.000Z",
    "dateUpdated": "2024-08-05T16:34:22.740Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-8386",
      "date": "2026-05-30",
      "epss": "0.71499",
      "percentile": "0.98751"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-8386\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-06-01T16:29:00.450\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.\"},{\"lang\":\"es\",\"value\":\"git-shell en git en versiones anteriores a la 2.4.12, versiones 2.5.x anteriores a la 2.5.6, versiones 2.6.x anteriores a la 2.6.7, versiones 2.7.x anteriores a la 2.7.5, versiones 2.8.x anteriores a la 2.8.5, versiones 2.9.x anteriores a la 2.9.4, versiones 2.10.x anteriores a la 2.10.3, versiones 2.11.x anteriores a la 2.11.2 y versiones 2.12.x anteriores a la 2.12.3 podr\u00eda permitir que usuarios remotos autenticados obtengan privilegios mediante un nombre de repositorio que comienza con un car\u00e1cter - (guion).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git:git-shell:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F9065E-E69B-4F90-BE48-6FD2CCF37B97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AFB20FA-CB00-4729-AB3A-816454C6D096\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"588D4F37-0A56-47A4-B710-4D5F3D214FB9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"772E9557-A371-4664-AE2D-4135AAEB89AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E4D8269-B407-4C24-AAB0-02F885C7D752\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2017-05/msg00090.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://public-inbox.org/git/xmqq8tm5ziat.fsf%40gitster.mtv.corp.google.com/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2017/dsa-3848\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/98409\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038479\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-3287-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2004\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2491\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ISHYFLM2ACYHHY3JHCLF75X7UF4ZMDM/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPYRN7APMHY4ZFDPAKD22J5R4QJFY2JP/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDS3LSJJ3YGGQYIVPKQDVOCXWDSF6JGF/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201706-04\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2017-05/msg00090.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://public-inbox.org/git/xmqq8tm5ziat.fsf%40gitster.mtv.corp.google.com/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2017/dsa-3848\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/98409\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038479\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-3287-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2491\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ISHYFLM2ACYHHY3JHCLF75X7UF4ZMDM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPYRN7APMHY4ZFDPAKD22J5R4QJFY2JP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDS3LSJJ3YGGQYIVPKQDVOCXWDSF6JGF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201706-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.