High severity8.8NVD Advisory· Published Aug 20, 2017· Updated Jun 17, 2026
CVE-2017-12976
CVE-2017-12976
Description
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.
Affected products
3cpe:2.3:a:git-annex_project:git-annex:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:git-annex_project:git-annex:*:*:*:*:*:*:*:*range: <=6.20170520
- (no CPE)range: <6.20170818
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.