CVE-2017-1000117
- Source
- https://cve.org/CVERecord?id=CVE-2017-1000117
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000117.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-1000117
- Downstream
- Related
- Published
- 2017-10-05T01:29:04.650Z
- Modified
- 2026-05-08T13:27:14.439997Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
- References
-
- https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1466490.html
- http://www.debian.org/security/2017/dsa-3934
- http://www.securityfocus.com/bid/100283
- http://www.securitytracker.com/id/1039131
- https://access.redhat.com/errata/RHSA-2017:2484
- https://access.redhat.com/errata/RHSA-2017:2485
- https://access.redhat.com/errata/RHSA-2017:2491
- https://access.redhat.com/errata/RHSA-2017:2674
- https://access.redhat.com/errata/RHSA-2017:2675
- https://security.gentoo.org/glsa/201709-10
- https://support.apple.com/HT208103
- https://www.exploit-db.com/exploits/42599/
Affected packages
Git / github.com/git/git
Affected ranges
- Type
- GIT
- Repo
- https://github.com/git/git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "last_affected": "2.7.5" }, { "last_affected": "2.8.0" }, { "last_affected": "2.8.0-rc0" }, { "last_affected": "2.8.0-rc1" }, { "last_affected": "2.8.0-rc2" }, { "last_affected": "2.8.0-rc3" }, { "last_affected": "2.8.1" }, { "last_affected": "2.8.2" }, { "last_affected": "2.8.3" }, { "last_affected": "2.8.4" }, { "last_affected": "2.8.5" }, { "last_affected": "2.9.0" }, { "last_affected": "2.9.0-rc0" }, { "last_affected": "2.9.0-rc1" }, { "last_affected": "2.9.0-rc2" }, { "last_affected": "2.9.1" }, { "last_affected": "2.9.2" }, { "last_affected": "2.9.3" }, { "last_affected": "2.9.4" }, { "last_affected": "2.10.0" }, { "last_affected": "2.10.0-rc0" }, { "last_affected": "2.10.0-rc1" }, { "last_affected": "2.10.0-rc2" }, { "last_affected": "2.10.1" }, { "last_affected": "2.10.2" }, { "last_affected": "2.10.3" }, { "last_affected": "2.11.0" }, { "last_affected": "2.11.0-rc0" }, { "last_affected": "2.11.0-rc1" }, { "last_affected": "2.11.0-rc2" }, { "last_affected": "2.11.0-rc3" }, { "last_affected": "2.11.1" }, { "last_affected": "2.11.2" }, { "last_affected": "2.12.0" }, { "last_affected": "2.12.0-rc0" }, { "last_affected": "2.12.0-rc1" }, { "last_affected": "2.12.0-rc2" }, { "last_affected": "2.12.1" }, { "last_affected": "2.12.2" }, { "last_affected": "2.12.3" }, { "last_affected": "2.13.0" }, { "last_affected": "2.13.0-rc0" }, { "last_affected": "2.13.0-rc1" }, { "last_affected": "2.13.0-rc2" }, { "last_affected": "2.13.1" }, { "last_affected": "2.13.2" }, { "last_affected": "2.13.3" }, { "last_affected": "2.13.4" }, { "last_affected": "2.14.0" }, { "last_affected": "2.14.0-rc0" }, { "last_affected": "2.14.0-rc1" } ], "cpe": [ "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.8.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.8.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.9.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.9.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.9.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.10.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.10.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.11.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.11.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.11.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.11.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.12.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.13.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.13.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.13.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.13.2:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.13.3:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.13.4:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.14.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.14.0:rc1:*:*:*:*:*:*" ], "source": "CPE_FIELD" }
Affected versions
v0.*
v0.99
v0.99.1
v0.99.2
v0.99.3
v0.99.4
v0.99.5
v0.99.6
v0.99.7
v0.99.8
v0.99.8a
v0.99.8b
v0.99.8c
v0.99.8d
v0.99.8e
v0.99.8f
v0.99.8g
v0.99.9a
v0.99.9b
v0.99.9c
v0.99.9d
v0.99.9e
v0.99.9f
v0.99.9g
v0.99.9h
v0.99.9i
v0.99.9j
v0.99.9k
v0.99.9l
v0.99.9m
v0.99.9n
v1.*
v1.0.0
v1.0rc1
v1.0rc2
v1.0rc3
v1.0rc4
v1.0rc5
v1.0rc6
v1.1.0
v1.2.0
v1.3.0-rc1
v1.4.1
v1.4.1-rc1
v1.4.1-rc2
v1.4.2
v1.4.2-rc1
v1.4.2-rc2
v1.4.2-rc3
v1.4.2-rc4
v1.4.3
v1.4.3-rc1
v1.4.3-rc2
v1.4.3-rc3
v1.4.4
v1.4.4-rc1
v1.4.4-rc2
v1.4.4.1
v1.5.0
v1.5.0-rc0
v1.5.0-rc1
v1.5.0-rc2
v1.5.0-rc3
v1.5.0-rc4
v1.5.1
v1.5.1-rc1
v1.5.1-rc2
v1.5.1-rc3
v1.5.2
v1.5.2-rc0
v1.5.2-rc1
v1.5.2-rc2
v1.5.2-rc3
v1.5.3
v1.5.3-rc0
v1.5.3-rc1
v1.5.3-rc2
v1.5.3-rc3
v1.5.3-rc4
v1.5.3-rc5
v1.5.3-rc6
v1.5.3-rc7
v1.5.3.1
v1.5.4
v1.5.4-rc0
v1.5.4-rc1
v1.5.4-rc2
v1.5.4-rc3
v1.5.4-rc4
v1.5.4-rc5
v1.5.5
v1.5.5-rc0
v1.5.5-rc1
v1.5.5-rc2
v1.5.5-rc3
v1.5.6
v1.5.6-rc0
v1.5.6-rc1
v1.5.6-rc2
v1.5.6-rc3
v1.6.0
v1.6.0-rc0
v1.6.0-rc1
v1.6.0-rc2
v1.6.0-rc3
v1.6.1
v1.6.1-rc1
v1.6.1-rc2
v1.6.1-rc3
v1.6.1-rc4
v1.6.2
v1.6.2-rc0
v1.6.2-rc1
v1.6.2-rc2
v1.6.3
v1.6.3-rc0
v1.6.3-rc1
v1.6.3-rc2
v1.6.3-rc3
v1.6.3-rc4
v1.6.4
v1.6.4-rc0
v1.6.4-rc1
v1.6.4-rc2
v1.6.4-rc3
v1.6.5
v1.6.5-rc0
v1.6.5-rc1
v1.6.5-rc2
v1.6.5-rc3
v1.6.6
v1.6.6-rc0
v1.6.6-rc1
v1.6.6-rc2
v1.6.6-rc3
v1.6.6-rc4
v1.7.0
v1.7.0-rc0
v1.7.0-rc1
v1.7.0-rc2
v1.7.1
v1.7.1-rc0
v1.7.1-rc1
v1.7.1-rc2
v1.7.10
v1.7.10-rc0
v1.7.10-rc1
v1.7.10-rc2
v1.7.10-rc3
v1.7.10-rc4
v1.7.11
v1.7.11-rc0
v1.7.11-rc1
v1.7.11-rc2
v1.7.11-rc3
v1.7.12
v1.7.12-rc0
v1.7.12-rc1
v1.7.12-rc2
v1.7.12-rc3
v1.7.2
v1.7.2-rc0
v1.7.2-rc1
v1.7.2-rc2
v1.7.2-rc3
v1.7.3
v1.7.3-rc0
v1.7.3-rc1
v1.7.3-rc2
v1.7.3.1
v1.7.4
v1.7.4-rc0
v1.7.4-rc1
v1.7.4-rc2
v1.7.4-rc3
v1.7.5
v1.7.5-rc0
v1.7.5-rc1
v1.7.5-rc2
v1.7.5-rc3
v1.7.6
v1.7.6-rc0
v1.7.6-rc1
v1.7.6-rc2
v1.7.6-rc3
v1.7.7
v1.7.7-rc0
v1.7.7-rc1
v1.7.7-rc2
v1.7.7-rc3
v1.7.8
v1.7.8-rc0
v1.7.8-rc1
v1.7.8-rc2
v1.7.8-rc3
v1.7.8-rc4
v1.7.9
v1.7.9-rc0
v1.7.9-rc1
v1.7.9-rc2
v1.8.0
v1.8.0-rc0
v1.8.0-rc1
v1.8.0-rc2
v1.8.0-rc3
v1.8.1
v1.8.1-rc0
v1.8.1-rc1
v1.8.1-rc2
v1.8.1-rc3
v1.8.2
v1.8.2-rc0
v1.8.2-rc1
v1.8.2-rc2
v1.8.2-rc3
v1.8.3
v1.8.3-rc0
v1.8.3-rc1
v1.8.3-rc2
v1.8.3-rc3
v1.8.4
v1.8.4-rc0
v1.8.4-rc1
v1.8.4-rc2
v1.8.4-rc3
v1.8.4-rc4
v1.8.5
v1.8.5-rc0
v1.8.5-rc1
v1.8.5-rc2
v1.8.5-rc3
v1.9-rc0
v1.9-rc1
v1.9-rc2
v1.9.0
v1.9.0-rc3
v2.*
v2.0.0
v2.0.0-rc0
v2.0.0-rc1
v2.0.0-rc2
v2.0.0-rc3
v2.0.0-rc4
v2.1.0
v2.1.0-rc0
v2.1.0-rc1
v2.1.0-rc2
v2.10.0
v2.10.0-rc0
v2.10.0-rc1
v2.10.0-rc2
v2.10.1
v2.10.2
v2.10.3
v2.11.0
v2.11.0-rc0
v2.11.0-rc1
v2.11.0-rc2
v2.11.0-rc3
v2.11.1
v2.11.2
v2.12.0
v2.12.0-rc0
v2.12.0-rc1
v2.12.0-rc2
v2.12.1
v2.12.2
v2.12.3
v2.13.0
v2.13.0-rc0
v2.13.0-rc1
v2.13.0-rc2
v2.13.1
v2.13.2
v2.13.3
v2.13.4
v2.14.0
v2.14.0-rc0
v2.14.0-rc1
v2.2.0
v2.2.0-rc0
v2.2.0-rc1
v2.2.0-rc2
v2.2.0-rc3
v2.3.0
v2.3.0-rc0
v2.3.0-rc1
v2.3.0-rc2
v2.4.0
v2.4.0-rc0
v2.4.0-rc1
v2.4.0-rc2
v2.4.0-rc3
v2.5.0
v2.5.0-rc0
v2.5.0-rc1
v2.5.0-rc2
v2.5.0-rc3
v2.6.0
v2.6.0-rc0
v2.6.0-rc1
v2.6.0-rc2
v2.6.0-rc3
v2.7.0
v2.7.0-rc0
v2.7.0-rc1
v2.7.0-rc2
v2.7.0-rc3
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.8.0
v2.8.0-rc0
v2.8.0-rc1
v2.8.0-rc2
v2.8.0-rc3
v2.8.0-rc4
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.9.0
v2.9.0-rc0
v2.9.0-rc1
v2.9.0-rc2
v2.9.1
v2.9.2
v2.9.3
v2.9.4