VYPR

git-fastclone

by Square

gem: git-fastclone

Source repositories

CVEs (2)

  • CVE-2015-8969 | Critical | Nov 3, 2016
    risk 0.57 | cvss 9.8 | epss 0.05

    git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library.

  • CVE-2015-8968 | High | Nov 3, 2016
    risk 0.51 | cvss 8.8 | epss 0.05

    git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an…