Unrated severity · NVD Advisory · Published Nov 23, 2018 · Updated Aug 5, 2024
CVE-2018-19486
Description
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
Affected products
- osv-coords (3 versions):
  - pkg:rpm/opensuse/git&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
  - pkg:rpm/suse/git&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015
- (no CPE) range: < 2.33.0-1.3
- (no CPE) range: < 2.16.4-3.9.2
- (no CPE) range: < 2.16.4-3.9.2
Patches
No patches discovered yet.
References
- access.redhat.com/errata/RHSA-2018:3800 (mitre, vendor-advisory, x_refsource_REDHAT)
- security.gentoo.org/glsa/201904-13 (mitre, vendor-advisory, x_refsource_GENTOO)
- usn.ubuntu.com/3829-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.securityfocus.com/bid/106020 (mitre, vdb-entry, x_refsource_BID)
- www.securitytracker.com/id/1042166 (mitre, vdb-entry, x_refsource_SECTRACK)
- git.kernel.org/pub/scm/git/git.git/commit/ (mitre, x_refsource_MISC)
- git.kernel.org/pub/scm/git/git.git/tree/Documentation/RelNotes/2.19.2.txt (mitre, x_refsource_MISC)