Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-11235

EPSS 41.72% · P97
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-11235

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Git 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Git是美国软件开发者林纳斯-托瓦兹(Linus Torvalds)所研发的一套免费、开源的分布式版本控制系统。 Git中存在安全漏洞,该漏洞源于在将子模块名称添加到$GIT_DIR/modules目录下时,程序没有正确的验证来自不可信.gitmodules文件的子模块名称。远程攻击者可借助特制的.gitmodules文件利用该漏洞执行任意代码。以下版本受到影响:Git 2.13.7之前版本,2.14.4之前的2.14.x版本,2.15.2之前的2.15.x版本,2.16.4之前的2.16.x版本,2.1
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2018-11235

#POC DescriptionSource LinkShenlong Link
1PoC exploit for CVE-2018-11235 allowing RCE on git clone --recurse-submoduleshttps://github.com/Rogdham/CVE-2018-11235POC Details
2RCE vulnerability to exec "git clone --recurse-submodule" (CVE-2018-11235)https://github.com/vmotos/CVE-2018-11235POC Details
3Nonehttps://github.com/Choihosu/cve-2018-11235POC Details
4Nonehttps://github.com/CHYbeta/CVE-2018-11235-DEMOPOC Details
5for git v2.7.4https://github.com/Kiss-sh0t/CVE-2018-11235-pocPOC Details
6Exploits CVE-2018-11235https://github.com/H0K5/clone_and_pwnPOC Details
7CVE-2018-11235 (Git)https://github.com/knqyf263/CVE-2018-11235POC Details
8Proof of Concept - RCE Exploitation : Git submodules' names vulnerability - Ensimag November 2018https://github.com/ygouzerh/CVE-2018-11235POC Details
9CVE-2018-11235-Git PoChttps://github.com/qweraqq/CVE-2018-11235-Git-Submodule-CEPOC Details
10git {<2.13.7, <2.14.4, <2.15.2, <2.16.4, <2.17.1} remote code executionhttps://github.com/jhswartz/CVE-2018-11235POC Details
11CVE-2018-11235(PoC && Exp)https://github.com/AnonymKing/CVE-2018-11235POC Details
12Nonehttps://github.com/0rx1/CVE-2018-11235POC Details
13Nonehttps://github.com/cchang27/CVE-2018-11235-testPOC Details
14Nonehttps://github.com/nthuong95/CVE-2018-11235POC Details
15Nonehttps://github.com/xElkomy/CVE-2018-11235POC Details
16PoC exploit for CVE-2018-11235 allowing RCE on git clone --recurse-submodules https://github.com/jongmartinez/CVE-2018-11235-PoCPOC Details
17Nonehttps://github.com/MohamedTarekq/test-CVE-2018-11235POC Details
18Nonehttps://github.com/Yealid/CVE-2018-11235-Git-Submodule-RCEPOC Details
19Auto malicious git repository creation to exploit CVE-2018-11235 a Remote Code Execution using Git Sub module.https://github.com/j4k0m/CVE-2018-11235POC Details
20CVE-2018-11235-Git-Submodule-CE + Docker Ngrok Configurationhttps://github.com/twseptian/cve-2018-11235-git-submodule-ce-and-docker-ngrok-configurationPOC Details
21CVE-2018-11235: Git Submodule RCEhttps://github.com/SenSecurity/exploitPOC Details
22Nonehttps://github.com/EmaVirgRep/CVE-2018-11235POC Details
23pentesterlab_CVE-2018-11235: Git Submodule RCEhttps://github.com/theerachaich/labPOC Details
24exploit poc for CVE-2018-11235https://github.com/Rezy-Dev/CVE-2018-11235POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2018-11235

登录查看更多情报信息。

Same Patch Batch · n/a · 2018-05-30 · 30 CVEs total

CVE-2018-10995SchedMD Slurm 输入验证错误漏洞
CVE-2018-11568GamePlan theme for WordPress 跨站脚本漏洞
CVE-2018-11567Amazon Echo 安全漏洞
CVE-2018-7534Unisys Stealth Solution Stealth Authorization Server 安全漏洞
CVE-2018-11565Catalyst Mahara 安全漏洞
CVE-2018-11482多款TP-LINK产品访问控制错误漏洞
CVE-2018-11481多款TP-LINK产品安全漏洞
CVE-2018-11478Vgate iCar 2 Wi-Fi OBD2 Dongle 安全漏洞
CVE-2018-11477Vgate iCar 2 Wi-Fi OBD2 Dongle 安全漏洞
CVE-2018-11476Vgate iCar 2 Wi-Fi OBD2 Dongle 安全漏洞
CVE-2018-10939Zimbra Collaboration Suite Zimbra Web Client 跨站脚本漏洞
CVE-2018-10196Graphviz 代码问题漏洞
CVE-2015-7610Zimbra Collaboration Suite 跨站请求伪造漏洞
CVE-2018-11562MISP 跨站脚本漏洞
CVE-2018-11518HCL legacy IVR系统安全漏洞
CVE-2018-11233Git 输入验证错误漏洞
CVE-2018-11439TagLib 安全漏洞
CVE-2018-11438Libmobi 缓冲区错误漏洞
CVE-2018-11437Libmobi 安全漏洞
CVE-2018-11436Libmobi 安全漏洞

Showing top 20 of 30 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2018-11235

No comments yet

Leave a comment