CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-8969

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.025

EPSS Ranking 84.4%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

http://www.securityfocus.com/bid/81433
https://github.com/square/git-fastclone/pull/5
https://hackerone.com/reports/105190
http://www.securityfocus.com/bid/81433
https://github.com/square/git-fastclone/pull/5
https://hackerone.com/reports/105190

Products affected by CVE-2015-8969

Squareup » Git-Fastclone » Version: N/A

cpe:2.3:a:squareup:git-fastclone:-
Squareup » Git-Fastclone » Version: 1.0.0

cpe:2.3:a:squareup:git-fastclone:1.0.0
Squareup » Git-Fastclone » Version: 1.0.1

cpe:2.3:a:squareup:git-fastclone:1.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-8969

Products

Pricing

Contact Us