Vulnerability Details CVE-2020-27955
Git LFS 2.12.0 allows Remote Code Execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.926
EPSS Ranking 99.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://packetstormsecurity.com/files/159923/git-lfs-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/164180/Git-git-lfs-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2020/Nov/1
- https://exploitbox.io
- https://github.com/git-lfs/git-lfs/releases
- https://legalhackers.com
- https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html
- http://packetstormsecurity.com/files/159923/git-lfs-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/164180/Git-git-lfs-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2020/Nov/1
- https://exploitbox.io
- https://github.com/git-lfs/git-lfs/releases
- https://legalhackers.com
- https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html
Products affected by CVE-2020-27955
-
cpe:2.3:a:git_large_file_storage_project:git_large_file_storage:2.12.0