Git/GitLab/SVN Command Injection via SSH URL (CVE-2004-0489)

From this webpage screenshot, the following key information about the vulnerabilities can be obtained: Key Information 1. Git LFS Vulnerability - Discovery Time: Mid-May 2017 - Vulnerability Description: By configuring an URL in the file, it is possible to cause the Git LFS plugin to execute arbitrary commands. - Exploitation Method: Configuring in the file; when cloning a repository containing this configuration, Git attempts to execute the specified command. - CVE ID: CVE-2004-0489 - Remediation: Reported to GitHub and quickly fixed. 2. GitLab Vulnerability - Discovery Time: Mid-July 2017 - Vulnerability Description: Using a similar trigger, importing a repository with an URL in GitLab can lead to server-side code execution. - Exploitation Method: For example, the command will launch . - Impact Scope: Not limited to LFS and GitLab; is also affected. - Remediation: Reported to GitLab and remediated via coordination through the git-security mailing list. 3. SVN and Mercurial Vulnerabilities - Discovery Time: Discovered during the process of fixing the Git vulnerability - Vulnerability Description: SVN and Mercurial are also affected by the same issue, particularly SVN follows HTTP 301 redirects to URLs. - Exploitation Method: An innocuous HTTP URL may trigger a 301 redirect, leading to command execution. These vulnerabilities demonstrate the risks of command injection through the exploitation of configuration files and specific URL patterns, and all were promptly remediated after discovery.

Goal Reached Thanks to every supporter — we hit 100%!

Git/GitLab/SVN Command Injection via SSH URL (CVE-2004-0489)