CVE-2018-1000021

SOURCE - nist

Summary

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

EPSS Score⁠: 0.00159 (0.522)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-20⁠

Improper Input Validation

SOURCE - redhat

CWE-78⁠

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Sources (4)

Impacted images

debian

CREATED

6 years ago

UPDATED

5 months ago

SOURCE IDCVE-2018-1000021⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/git	deb	debian	12	>=1:2.39.2-1.1	Not yet available
debian/git	deb	debian	11	>=1:2.30.2-1+deb11u2	Not yet available
debian/git	deb	debian	unstable	>=1:2.43.0-1	Not yet available
debian/git	deb	debian	10	>=1:2.20.1-2+deb10u3	Not yet available
debian/git	deb	debian	13	>=1:2.43.0-1	Not yet available

Severity and metrics

No CVSS data available from this source.

nist

CREATED

6 years ago

UPDATED

6 years ago

SOURCE IDCVE-2018-1000021⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-20⁠

CVSS SCORE

8.8high

ubuntu

CREATED

6 years ago

UPDATED

21 days ago

SOURCE IDCVE-2018-1000021⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

8.8low

redhat

CREATED

6 years ago

UPDATED

10 months ago

SOURCE IDCVE-2018-1000021⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-78⁠

CVSS SCORE

5medium