Vulnerability in N/a
CVE-2020-27955
Git LFS 2.12.0 allows Remote Code Execution.
EPSS: 0.929 (99.8th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
- ExploitBox/git-lfs-RCE-exploit-CVE-2020-27955
- r00t4dm/CVE-2020-27955
- ExploitBox/git-lfs-RCE-exploit-CVE-2020-27955-Go
- DeeLMind/CVE-2020-27955-LFS
- TheTh1nk3r/cve-2020-27955
- the-chivalrousZ/cve-2020-27955
- Kimorea/CVE-2020-27955-LFS
- z50913/CVE-2020-27955
- userxfan/cve-2020-27955
- whitetea2424/CVE-2020-27955-LFS-main
References
- legalhackers.com (x_refsource_MISC)
- exploitbox.io (x_refsource_MISC)
- github.com/git-lfs/git-lfs/releases (x_refsource_MISC)
- legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html (x_refsource_MISC)
- 20201105 Git LFS (git-lfs) - Remote Code Execution (RCE) exploit CVE-2020-27955 - Clone to Pwn (mailing-list, x_refsource_FULLDISC)
- packetstormsecurity.com/files/159923/git-lfs-Remote-Code-Execution.html (x_refsource_MISC)
- packetstormsecurity.com/files/164180/Git-git-lfs-Remote-Code-Execution.html (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-27955?
- CVE-2020-27955 is a vulnerability in N/a. Published 2020-11-05.
- Is CVE-2020-27955 known to be exploited?
- 56 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.