CVE-2017-14867 Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
ATT&CK techniques detected
T1059Command and Scripting Interpreter
43%
“cve - 2017 - 14867 git before 2. 10. 5, 2. 11. x before 2. 11. 4, 2. 12. x before 2. 12. 5, 2. 13. x before 2. 13. 6, and 2. 14. x before 2. 14. 2 uses unsafe perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary os commands via shell …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Information published.