What is CVE-2017-14867?

CVE-2017-14867 is a high-severity vulnerability in Git-scm Git, classified under OS Command Injection. CVSS score: 8.8/10. Published 2017-09-29.

How severe is CVE-2017-14867?

High severity. CVSS v3 base score is 8.8 out of 10.

RCE in Git-scm Git

CVE-2017-14867

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via sh…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.065 (91.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Git-scm Git — versions 2.11.0, 2.11.1, 2.11.2
Debian Debian_linux — versions 8.0, 9.0
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

cve@mitre.org (x_refsource_CONFIRM, Mailing List, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Mailing List, Third Party Advisory, Issue Tracking)
cve@mitre.org (x_refsource_CONFIRM, Mailing List, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
cve@mitre.org (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2017-14867?: CVE-2017-14867 is a high-severity vulnerability in Git-scm Git, classified under OS Command Injection. CVSS score: 8.8/10. Published 2017-09-29.
How severe is CVE-2017-14867?: High severity. CVSS v3 base score is 8.8 out of 10.