A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "git-core": "1:1.9.1-1ubuntu0.6", "git-daemon-run": "1:1.9.1-1ubuntu0.6", "git-email": "1:1.9.1-1ubuntu0.6", "git-mediawiki": "1:1.9.1-1ubuntu0.6", "git": "1:1.9.1-1ubuntu0.6", "git-el": "1:1.9.1-1ubuntu0.6", "git-cvs": "1:1.9.1-1ubuntu0.6", "git-bzr": "1:1.9.1-1ubuntu0.6", "gitk": "1:1.9.1-1ubuntu0.6", "git-doc": "1:1.9.1-1ubuntu0.6", "git-arch": "1:1.9.1-1ubuntu0.6", "git-daemon-sysvinit": "1:1.9.1-1ubuntu0.6", "git-svn": "1:1.9.1-1ubuntu0.6", "git-gui": "1:1.9.1-1ubuntu0.6", "git-man": "1:1.9.1-1ubuntu0.6", "gitweb": "1:1.9.1-1ubuntu0.6", "git-all": "1:1.9.1-1ubuntu0.6" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "git-core": "1:2.7.4-0ubuntu1.2", "git-daemon-run": "1:2.7.4-0ubuntu1.2", "git-email": "1:2.7.4-0ubuntu1.2", "git-mediawiki": "1:2.7.4-0ubuntu1.2", "git": "1:2.7.4-0ubuntu1.2", "git-el": "1:2.7.4-0ubuntu1.2", "git-cvs": "1:2.7.4-0ubuntu1.2", "git-doc": "1:2.7.4-0ubuntu1.2", "gitk": "1:2.7.4-0ubuntu1.2", "git-arch": "1:2.7.4-0ubuntu1.2", "git-daemon-sysvinit": "1:2.7.4-0ubuntu1.2", "git-svn": "1:2.7.4-0ubuntu1.2", "git-gui": "1:2.7.4-0ubuntu1.2", "git-man": "1:2.7.4-0ubuntu1.2", "gitweb": "1:2.7.4-0ubuntu1.2", "git-all": "1:2.7.4-0ubuntu1.2" } ] }