CVE-2018-19486

EPSS 0.69%
Published 23.11.2018 08:29:00
Last modified 21.11.2024 03:58:00
Source cve@mitre.org
Teams watchlist Login
Open Login

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.

Affected products Warnungen 0 Metrics 3 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Git-scm ≫ Git Version < 2.19.2

Linux ≫ Linux Kernel Version-

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.69%	0.711

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://usn.ubuntu.com/3829-1/

Third Party Advisory

http://www.securityfocus.com/bid/106020

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1042166

Third Party Advisory

VDB Entry

https://access.redhat.com/errata/RHSA-2018:3800

Third Party Advisory

https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60

Patch