Amazon Linux AMI : git (ALAS-2017-882)
Medium Nessus Plugin ID 102870
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionCommand injection via malicious ssh URLs :
A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit.(CVE-2017-1000117)
SolutionRun 'yum update git' to update your system.