RubyGems package
git-fastclone
pkg:gem/git-fastclone
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-8969 | Cri | 9.8 | < 1.0.5 | 1.0.5 | Nov 3, 2016 | git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library. | |
| CVE-2015-8968 | Hig | 8.8 | < 1.0.1 | 1.0.1 | Nov 3, 2016 | git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unen |
- affected < 1.0.5fixed 1.0.5
git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library.
- affected < 1.0.1fixed 1.0.1
git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unen