VYPR
High severity8.8NVD Advisory· Published Dec 21, 2017· Updated Jun 17, 2026

CVE-2017-17831

CVE-2017-17831

Description

GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/git-lfs/git-lfsGo
< 2.1.1-0.20170519163204-f913f5f9c7c62.1.1-0.20170519163204-f913f5f9c7c6

Affected products

2

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.