Amazon Linux AMI : git (ALAS-2017-910)
High Nessus Plugin ID 103823
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionThe 'git' subcommand 'cvsserver' is a Perl script which makes excessive use of the backtick operator to invoke 'git'. Unfortunately user input is used within some of those invocations. It should be noted, that 'git-cvsserver' will be invoked by 'git-shell' by default without further configuration.
SolutionRun 'yum update git' to update your system.