Critical severity 9.8 · NVD Advisory · Published Apr 13, 2016 · Updated Jun 17, 2026
CVE-2015-7545
Description
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
Affected products
- cpe:2.3:a:git_project:git:*:*:*:*:*:*:*:* range: <=2.3.9
- cpe:2.3:a:git_project:git:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:git_project:git:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:git_project:git:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:git_project:git:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:git_project:git:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:git_project:git:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:git_project:git:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:git_project:git:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:git_project:git:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:git_project:git:2.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:git_project:git:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:git_project:git:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:git_project:git:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:git_project:git:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:git_project:git:2.6.0:*:*:*:*:*:*:*
- (no CPE) range: 2.3.x < 2.3.10, 2.4.x < 2.4.10, 2.5.x < 2.5.4, 2.6.x < 2.6.1
- cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- osv-coords (7 versions):
  - pkg:rpm/opensuse/mercurial&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%2012
  - pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
  - pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
  - pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
  - pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
- (no CPE) range: < 4.0-1.1
- (no CPE) range: < 1.8.5.6-15.1
- (no CPE) range: < 1.8.5.6-15.1
- (no CPE) range: < 1.8.5.6-15.1
- (no CPE) range: < 1.8.5.6-15.1
- (no CPE) range: < 1.8.5.6-15.1
- (no CPE) range: < 1.8.5.6-15.1
References
- github.com/git/git/blob/master/Documentation/RelNotes/2.3.10.txt (nvd: Patch, Vendor Advisory)
- github.com/git/git/blob/master/Documentation/RelNotes/2.4.10.txt (nvd: Patch, Vendor Advisory)
- github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt (nvd: Patch, Vendor Advisory)
- lists.opensuse.org/opensuse-updates/2015-11/msg00066.html (nvd)
- rhn.redhat.com/errata/RHSA-2015-2515.html (nvd)
- www.debian.org/security/2016/dsa-3435 (nvd)
- www.openwall.com/lists/oss-security/2015/12/08/5 (nvd)
- www.openwall.com/lists/oss-security/2015/12/09/8 (nvd)
- www.openwall.com/lists/oss-security/2015/12/11/7 (nvd)
- www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (nvd)
- www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html (nvd)
- www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html (nvd)
- www.securityfocus.com/bid/78711 (nvd)
- www.securitytracker.com/id/1034501 (nvd)
- www.slackware.com/security/viewer.php (nvd)
- www.ubuntu.com/usn/USN-2835-1 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- github.com/git/git/blob/master/Documentation/RelNotes/2.6.1.txt (nvd)
- kernel.googlesource.com/pub/scm/git/git/+/33cfccbbf35a56e190b79bdec5c85457c952a021 (nvd)
- lkml.org/lkml/2015/10/5/683 (nvd)
- security.gentoo.org/glsa/201605-01 (nvd)