Action not permitted
Modal body text goes here.
Modal Title
Modal Body
hsec-2023-0009
Vulnerability from osv_haskell
Published
2025-11-14 14:45
Modified
2025-11-14 14:45
Summary
git-annex command injection via malicious SSH hostname
Details
git-annex command injection via malicious SSH hostname
git-annex was vulnerable to the same class of security hole as
git's CVE-2017-1000117. In several cases, git-annex parses a
repository URL, and uses it to generate a ssh command, with the
hostname to ssh to coming from the URL. If the hostname it parses is
something like -eProxyCommand=evil, this could result in arbitrary
local code execution.
Some details of URL parsing may prevent the exploit working in some cases.
Exploiting this would involve the attacker tricking the victim into
adding a remote something like ssh://-eProxyCommand=evil/blah.
One possible avenue for an attacker that avoids exposing the URL to
the user is to use initremote with an SSH remote, so embedding the
URL in the git-annex branch. Then the victim would enable it with
enableremote.
This was fixed in version 6.20170818. Now there's a SshHost
type that is not allowed to start with a dash, and every invocation
of git-annex uses a function that takes a SshHost.
{
"affected": [
{
"database_specific": {
"human_link": "https://github.com/haskell/security-advisories/tree/main/advisories/published/2023/HSEC-2023-0009.md",
"osv": "https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export/2023/HSEC-2023-0009.json"
},
"package": {
"ecosystem": "Hackage",
"name": "git-annex"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.20170818"
}
],
"type": "ECOSYSTEM"
}
],
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2017-12976"
],
"database_specific": {
"home": "https://github.com/haskell/security-advisories",
"osvs": "https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export",
"repository": "https://github.com/haskell/security-advisories"
},
"details": "# *git-annex* command injection via malicious SSH hostname\n\n*git-annex* was vulnerable to the same class of security hole as\ngit\u0027s **CVE-2017-1000117**. In several cases, `git-annex` parses a\nrepository URL, and uses it to generate a `ssh` command, with the\nhostname to ssh to coming from the URL. If the hostname it parses is\nsomething like `-eProxyCommand=evil`, this could result in arbitrary\nlocal code execution.\n\nSome details of URL parsing may prevent the exploit working in some\ncases.\n\nExploiting this would involve the attacker tricking the victim into\nadding a remote something like `ssh://-eProxyCommand=evil/blah`.\n\nOne possible avenue for an attacker that avoids exposing the URL to\nthe user is to use `initremote` with an SSH remote, so embedding the\nURL in the *git-annex* branch. Then the victim would enable it with\n`enableremote`.\n\nThis was fixed in version **6.20170818**. Now there\u0027s a `SshHost`\ntype that is not allowed to start with a dash, and every invocation\nof `git-annex` uses a function that takes a `SshHost`.\n",
"id": "HSEC-2023-0009",
"modified": "2025-11-14T14:45:34Z",
"published": "2025-11-14T14:45:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://git-annex.branchable.com/security/CVE-2017-12976/"
},
{
"type": "FIX",
"url": "http://source.git-annex.branchable.com/?p=source.git;a=commitdiff;h=df11e54788b254efebb4898b474de11ae8d3b471"
}
],
"related": [
"CVE-2017-9800",
"CVE-2017-12836",
"CVE-2017-1000116",
"CVE-2017-1000117"
],
"schema_version": "1.5.0",
"summary": "git-annex command injection via malicious SSH hostname"
}
CVE-2017-12836 (GCVE-0-2017-12836)
Vulnerability from cvelistv5 – Published: 2017-08-24 14:00 – Updated: 2024-08-05 18:51
VLAI?
EPSS
Summary
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:06.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100279",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100279"
},
{
"name": "[oss-security] 20170811 Re: CVS and ssh command injection (see CVE-2017-1000117, etc.)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/08/11/4"
},
{
"name": "DSA-3940",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3940"
},
{
"name": "[oss-security] 20170810 CVS and ssh command injection (see CVE-2017-1000117, etc.)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/08/11/1"
},
{
"name": "[bug-cvs] 20170810 CVS and ssh command injection (see CVE-2017-1000117, etc.)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/bug-cvs/2017-08/msg00000.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480800"
},
{
"name": "GLSA-201709-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201709-17"
},
{
"name": "USN-3399-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3399-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by \"-oProxyCommand=id;localhost:/bar.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-25T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "100279",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100279"
},
{
"name": "[oss-security] 20170811 Re: CVS and ssh command injection (see CVE-2017-1000117, etc.)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/08/11/4"
},
{
"name": "DSA-3940",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3940"
},
{
"name": "[oss-security] 20170810 CVS and ssh command injection (see CVE-2017-1000117, etc.)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/08/11/1"
},
{
"name": "[bug-cvs] 20170810 CVS and ssh command injection (see CVE-2017-1000117, etc.)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/bug-cvs/2017-08/msg00000.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480800"
},
{
"name": "GLSA-201709-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201709-17"
},
{
"name": "USN-3399-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3399-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by \"-oProxyCommand=id;localhost:/bar.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100279"
},
{
"name": "[oss-security] 20170811 Re: CVS and ssh command injection (see CVE-2017-1000117, etc.)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/08/11/4"
},
{
"name": "DSA-3940",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3940"
},
{
"name": "[oss-security] 20170810 CVS and ssh command injection (see CVE-2017-1000117, etc.)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/08/11/1"
},
{
"name": "[bug-cvs] 20170810 CVS and ssh command injection (see CVE-2017-1000117, etc.)",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/bug-cvs/2017-08/msg00000.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1480800",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480800"
},
{
"name": "GLSA-201709-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-17"
},
{
"name": "USN-3399-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3399-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12836",
"datePublished": "2017-08-24T14:00:00.000Z",
"dateReserved": "2017-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:51:06.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9800 (GCVE-0-2017-9800)
Vulnerability from cvelistv5 – Published: 2017-08-11 21:00 – Updated: 2024-09-16 23:36
VLAI?
EPSS
Summary
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Subversion |
Affected:
1.0.0 to 1.8.18
Affected: 1.9.0 to 1.9.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[announce] 20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E"
},
{
"name": "100259",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100259"
},
{
"name": "20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540999/100/0/threaded"
},
{
"name": "RHSA-2017:2480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2480"
},
{
"name": "1039127",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039127"
},
{
"name": "GLSA-201709-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201709-09"
},
{
"name": "DSA-3932",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3932"
},
{
"name": "[subversion-commits] 20190830 svn commit: r1866117 - in /subversion/site/publish/docs/community-guide: how-to-roll-releases-in-private.txt issues.part.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208103"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Subversion",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.0.0 to 1.8.18"
},
{
"status": "affected",
"version": "1.9.0 to 1.9.6"
}
]
}
],
"datePublic": "2017-08-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server\u0027s repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T21:14:52.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[announce] 20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63%40%3Cannounce.apache.org%3E"
},
{
"name": "100259",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100259"
},
{
"name": "20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/540999/100/0/threaded"
},
{
"name": "RHSA-2017:2480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2480"
},
{
"name": "1039127",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039127"
},
{
"name": "GLSA-201709-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201709-09"
},
{
"name": "DSA-3932",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3932"
},
{
"name": "[subversion-commits] 20190830 svn commit: r1866117 - in /subversion/site/publish/docs/community-guide: how-to-roll-releases-in-private.txt issues.part.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76%40%3Ccommits.subversion.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208103"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-08-10T00:00:00",
"ID": "CVE-2017-9800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Subversion",
"version": {
"version_data": [
{
"version_value": "1.0.0 to 1.8.18"
},
{
"version_value": "1.9.0 to 1.9.6"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server\u0027s repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[announce] 20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63@%3Cannounce.apache.org%3E"
},
{
"name": "100259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100259"
},
{
"name": "20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/540999/100/0/threaded"
},
{
"name": "RHSA-2017:2480",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2480"
},
{
"name": "1039127",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039127"
},
{
"name": "GLSA-201709-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-09"
},
{
"name": "DSA-3932",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3932"
},
{
"name": "[subversion-commits] 20190830 svn commit: r1866117 - in /subversion/site/publish/docs/community-guide: how-to-roll-releases-in-private.txt issues.part.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76@%3Ccommits.subversion.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html",
"refsource": "CONFIRM",
"url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html"
},
{
"name": "https://support.apple.com/HT208103",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208103"
},
{
"name": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt",
"refsource": "CONFIRM",
"url": "https://subversion.apache.org/security/CVE-2017-9800-advisory.txt"
},
{
"name": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-9800",
"datePublished": "2017-08-11T21:00:00.000Z",
"dateReserved": "2017-06-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:36:59.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000116 (GCVE-0-2017-1000116)
Vulnerability from cvelistv5 – Published: 2017-10-04 01:00 – Updated: 2024-08-05 21:53
VLAI?
EPSS
Summary
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:06.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29"
},
{
"name": "100290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100290"
},
{
"name": "DSA-3963",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3963"
},
{
"name": "RHSA-2017:2489",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2489"
},
{
"name": "GLSA-201709-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201709-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-08-22T00:00:00.000Z",
"datePublic": "2017-10-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29"
},
{
"name": "100290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100290"
},
{
"name": "DSA-3963",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3963"
},
{
"name": "RHSA-2017:2489",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2489"
},
{
"name": "GLSA-201709-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201709-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.328519",
"ID": "CVE-2017-1000116",
"REQUESTER": "security@mercurial-scm.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29",
"refsource": "CONFIRM",
"url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29"
},
{
"name": "100290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100290"
},
{
"name": "DSA-3963",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3963"
},
{
"name": "RHSA-2017:2489",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2489"
},
{
"name": "GLSA-201709-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000116",
"datePublished": "2017-10-04T01:00:00.000Z",
"dateReserved": "2017-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:53:06.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000117 (GCVE-0-2017-1000117)
Vulnerability from cvelistv5 – Published: 2017-10-04 01:00 – Updated: 2024-08-05 21:53
VLAI?
EPSS
Summary
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:06.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3934",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3934"
},
{
"name": "RHSA-2017:2674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"name": "1039131",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039131"
},
{
"name": "42599",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42599/"
},
{
"name": "RHSA-2017:2675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"name": "RHSA-2017:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2484"
},
{
"name": "RHSA-2017:2491",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2491"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208103"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1466490.html"
},
{
"name": "100283",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100283"
},
{
"name": "GLSA-201709-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201709-10"
},
{
"name": "RHSA-2017:2485",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2485"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-08-22T00:00:00.000Z",
"datePublic": "2017-10-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A malicious third-party can give a crafted \"ssh://...\" URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim\u0027s machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running \"git clone --recurse-submodules\" to trigger the vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3934",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3934"
},
{
"name": "RHSA-2017:2674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"name": "1039131",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039131"
},
{
"name": "42599",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42599/"
},
{
"name": "RHSA-2017:2675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"name": "RHSA-2017:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2484"
},
{
"name": "RHSA-2017:2491",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2491"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208103"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1466490.html"
},
{
"name": "100283",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100283"
},
{
"name": "GLSA-201709-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201709-10"
},
{
"name": "RHSA-2017:2485",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2485"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.329422",
"ID": "CVE-2017-1000117",
"REQUESTER": "gitster@pobox.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious third-party can give a crafted \"ssh://...\" URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim\u0027s machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running \"git clone --recurse-submodules\" to trigger the vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3934",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3934"
},
{
"name": "RHSA-2017:2674",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"name": "1039131",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039131"
},
{
"name": "42599",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42599/"
},
{
"name": "RHSA-2017:2675",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"name": "RHSA-2017:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2484"
},
{
"name": "RHSA-2017:2491",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2491"
},
{
"name": "https://support.apple.com/HT208103",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208103"
},
{
"name": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html"
},
{
"name": "100283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100283"
},
{
"name": "GLSA-201709-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-10"
},
{
"name": "RHSA-2017:2485",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2485"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000117",
"datePublished": "2017-10-04T01:00:00.000Z",
"dateReserved": "2017-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:53:06.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12976 (GCVE-0-2017-12976)
Vulnerability from cvelistv5 – Published: 2017-08-20 20:00 – Updated: 2024-08-05 18:51
VLAI?
EPSS
Summary
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:07.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1495-1] git-annex security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.git-annex.branchable.com/?p=source.git%3Ba=commit%3Bh=c24d0f0e8984576654e2be149005bc884fe0403a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.git-annex.branchable.com/?p=source.git%3Ba=commit%3Bh=df11e54788b254efebb4898b474de11ae8d3b471"
},
{
"name": "DSA-4010",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-4010"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.git-annex.branchable.com/?p=source.git%3Ba=blob%3Bf=doc/bugs/dashed_ssh_hostname_security_hole.mdwn"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-06T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1495-1] git-annex security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.git-annex.branchable.com/?p=source.git%3Ba=commit%3Bh=c24d0f0e8984576654e2be149005bc884fe0403a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.git-annex.branchable.com/?p=source.git%3Ba=commit%3Bh=df11e54788b254efebb4898b474de11ae8d3b471"
},
{
"name": "DSA-4010",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-4010"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.git-annex.branchable.com/?p=source.git%3Ba=blob%3Bf=doc/bugs/dashed_ssh_hostname_security_hole.mdwn"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1495-1] git-annex security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html"
},
{
"name": "http://source.git-annex.branchable.com/?p=source.git;a=commit;h=c24d0f0e8984576654e2be149005bc884fe0403a",
"refsource": "CONFIRM",
"url": "http://source.git-annex.branchable.com/?p=source.git;a=commit;h=c24d0f0e8984576654e2be149005bc884fe0403a"
},
{
"name": "http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471",
"refsource": "CONFIRM",
"url": "http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471"
},
{
"name": "DSA-4010",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-4010"
},
{
"name": "http://source.git-annex.branchable.com/?p=source.git;a=blob;f=doc/bugs/dashed_ssh_hostname_security_hole.mdwn",
"refsource": "CONFIRM",
"url": "http://source.git-annex.branchable.com/?p=source.git;a=blob;f=doc/bugs/dashed_ssh_hostname_security_hole.mdwn"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12976",
"datePublished": "2017-08-20T20:00:00.000Z",
"dateReserved": "2017-08-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:51:07.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…