Critical severity 9.8 · NVD Advisory · Published Apr 13, 2016 · Updated May 6, 2026
CVE-2015-7545
Description
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
Patches
No patches discovered yet.
References
- github.com/git/git/blob/master/Documentation/RelNotes/2.3.10.txt (nvd: Patch, Vendor Advisory)
- github.com/git/git/blob/master/Documentation/RelNotes/2.4.10.txt (nvd: Patch, Vendor Advisory)
- github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt (nvd: Patch, Vendor Advisory)
- lists.opensuse.org/opensuse-updates/2015-11/msg00066.html (nvd)
- rhn.redhat.com/errata/RHSA-2015-2515.html (nvd)
- www.debian.org/security/2016/dsa-3435 (nvd)
- www.openwall.com/lists/oss-security/2015/12/08/5 (nvd)
- www.openwall.com/lists/oss-security/2015/12/09/8 (nvd)
- www.openwall.com/lists/oss-security/2015/12/11/7 (nvd)
- www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (nvd)
- www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html (nvd)
- www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html (nvd)
- www.securityfocus.com/bid/78711 (nvd)
- www.securitytracker.com/id/1034501 (nvd)
- www.slackware.com/security/viewer.php (nvd)
- www.ubuntu.com/usn/USN-2835-1 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- github.com/git/git/blob/master/Documentation/RelNotes/2.6.1.txt (nvd)
- kernel.googlesource.com/pub/scm/git/git/+/33cfccbbf35a56e190b79bdec5c85457c952a021 (nvd)
- lkml.org/lkml/2015/10/5/683 (nvd)
- security.gentoo.org/glsa/201605-01 (nvd)