Git for Windows 2.7.x < 2.7.6 / 2.8.x < 2.8.6 / 2.9.x < 2.9.5 / 2.10.x < 2.10.4 / 2.11.x < 2.11.13 / 2.12.x < 2.12.4 / 2.13.x < 2.13.5 / 2.14.x < 2.14.1 Malicious SSH URL Command Execution
Severity: Medium | Nessus Plugin ID 102494
Synopsis: The remote Windows host has an application installed that is affected by a command execution vulnerability.

Description: The version of Git for Windows installed on the remote host is version 2.7.x prior to 2.7.6, 2.8.x prior to 2.8.6, 2.9.x prior to 2.9.5, 2.10.x prior to 2.10.4, 2.11.x prior to 2.11.13, 2.12.x prior to 2.12.4, 2.13.x prior to 2.13.5, or 2.14.x prior to 2.14.1. It is, therefore, affected by a command execution vulnerability due to a flaw in the handling of 'ssh://' URLs that begin with a dash. A maliciously crafted 'ssh://' URL causes Git clients to run an arbitrary shell command. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running 'git clone --recurse-submodules' to trigger the vulnerability.

Solution: Upgrade to Git for Windows 2.7.6 / 2.8.6 / 2.9.5 / 2.10.4 / 2.11.13 / 2.12.4 / 2.13.5 / 2.14.1 or later.