High severity · 8.8 · NVD Advisory · Published Jun 1, 2017 · Updated Jun 17, 2026
CVE-2017-8386
Description
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
Affected products (20)
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*
- osv-coords (10 versions)
  - pkg:rpm/opensuse/git&distro=openSUSE%20Tumbleweed (no CPE), range: < 2.33.0-1.3
  - pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 (no CPE), range: < 2.12.3-26.1
  - pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2 (no CPE), range: < 2.12.3-26.1
  - pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2 (no CPE), range: < 2.12.3-26.1
  - pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 (no CPE), range: < 2.12.3-26.1
  - pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 (no CPE), range: < 2.12.3-26.1
  - pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (no CPE), range: < 1.7.12.4-0.17.1
  - pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1 (no CPE), range: < 2.12.3-26.1
  - pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2 (no CPE), range: < 2.12.3-26.1
  - pkg:rpm/suse/git&distro=SUSE%20Studio%20Onsite%201.3 (no CPE), range: < 1.7.12.4-0.17.1
References (14)
- www.ubuntu.com/usn/USN-3287-1 (nvd; Exploit, Third Party Advisory)
- lists.opensuse.org/opensuse-updates/2017-05/msg00090.html (nvd; Mailing List, Third Party Advisory)
- www.debian.org/security/2017/dsa-3848 (nvd; Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/98409 (nvd; Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1038479 (nvd; Third Party Advisory)
- insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/ (nvd; Mitigation, Third Party Advisory)
- kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5 (nvd; Third Party Advisory)
- public-inbox.org/git/xmqq8tm5ziat.fsf%40gitster.mtv.corp.google.com/ (nvd)
- access.redhat.com/errata/RHSA-2017:2004 (nvd)
- access.redhat.com/errata/RHSA-2017:2491 (nvd)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ISHYFLM2ACYHHY3JHCLF75X7UF4ZMDM/ (nvd)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPYRN7APMHY4ZFDPAKD22J5R4QJFY2JP/ (nvd)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDS3LSJJ3YGGQYIVPKQDVOCXWDSF6JGF/ (nvd)
- security.gentoo.org/glsa/201706-04 (nvd)