CVE-2018-17456 log

Severity High
Remote Yes
Type Arbitrary code execution
A security issue has been found in git versions prior to 2.19.1, which allows an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules.
When running "git clone --recurse-submodules", Git parses the supplied .gitmodules file for a URL field and blindly passes it as an argument to a "git clone" subprocess. If the URL field is set to a string that begins with a dash, this "git clone" subprocess interprets the URL as an option. This can lead to executing an arbitrary script shipped in the superproject as the user who ran "git clone".
Group Package Affected Fixed Severity Status Ticket
AVG-776 git 2.19.0-1 2.19.1-1 High Fixed
Date Advisory Group Package Severity Type
09 Oct 2018 ASA-201810-7 AVG-776 git High arbitrary code execution