
Arbitrary code execution via crafted ssh:// in Git


osirium    33


"""

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim and an attempt to visit the URL can result in any program that exists on the victim's machine being executed.
Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.

"""

 


  • Upvote 4
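A pre-clone audit for the .gitmodules vector described in the quoted advisory, as an added example that is not part of the original post or of Git itself. It lists submodule URLs and flags any ssh:// URL whose host part is not an ordinary host name; the allow-list pattern, the function names and the sample file are assumptions made for illustration, and the check is a review aid alongside an updated Git, not a replacement for it.

```python
import re

# Matches a '[submodule "name"]' section header in .gitmodules.
SECTION = re.compile(r'^\s*\[submodule\s+"(?P<name>[^"]+)"\]\s*$')
# Matches a 'url = value' line inside a section.
URL_KEY = re.compile(r'^\s*url\s*=\s*(?P<url>.+?)\s*$')
# Assumption: a host must start and end with a letter or digit and contain
# only letters, digits, dots and hyphens. IPv6 literals are flagged too,
# which is deliberately conservative.
PLAIN_HOST = re.compile(r'^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$')


def submodule_urls(text):
    """Yield (submodule name, url) pairs from .gitmodules content."""
    name = None
    for line in text.splitlines():
        header = SECTION.match(line)
        if header:
            name = header.group("name")
            continue
        entry = URL_KEY.match(line)
        if entry and name is not None:
            yield name, entry.group("url")


def suspicious_ssh_urls(text):
    """Return (name, url) for ssh:// submodule URLs with a non-plain host."""
    findings = []
    for name, url in submodule_urls(text):
        if not url.lower().startswith("ssh://"):
            continue
        authority = url[len("ssh://"):].split("/", 1)[0]
        host = authority.rsplit("@", 1)[-1].split(":", 1)[0]  # drop user, port
        if not PLAIN_HOST.match(host):
            findings.append((name, url))
    return findings


# Constructed sample .gitmodules content (not taken from a real project).
SAMPLE = '''[submodule "libs/ok"]
\tpath = libs/ok
\turl = ssh://git@git.example.com:2222/libs/ok.git
[submodule "docs"]
\tpath = docs
\turl = https://git.example.com/docs.git
[submodule "vendor/lib"]
\tpath = vendor/lib
\turl = ssh://git@bad_host!/vendor/lib.git
'''

if __name__ == "__main__":
    for name, url in suspicious_ssh_urls(SAMPLE):
        print(f"review before recursing: {name} -> {url}")
```

Run it against the .gitmodules of a repository cloned without --recurse-submodules, and only initialise submodules once every flagged entry has been reviewed.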
