CVE-2015-8969
N/A
N/A
Summary
git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | git-fastclone ruby gem All versions before 1.0.5 | git-fastclone ruby gem All versions before 1.0.5 | affected |
Weaknesses
- Arbitrary Command Execution
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/81433
- https://github.com/square/git-fastclone/pull/5
- https://hackerone.com/reports/105190
References
- http://www.securityfocus.com/bid/81433
- https://github.com/square/git-fastclone/pull/5
- https://hackerone.com/reports/105190
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.