CVE-2015-7545

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.

Published: Apr 13, 2016
Updated: Apr 13, 2023
CVE: CVE-2015-7545
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
git_project / git	2.4.1	2.4.1.x
git_project / git	2.4.9	2.4.9.x
git_project / git	2.5.2	2.5.2.x
git_project / git	2.5.3	2.5.3.x
git_project / git	2.5.0	2.5.0.x
git_project / git	2.4.2	2.4.2.x
git_project / git	2.4.0	2.4.0.x
git_project / git	2.4.8	2.4.8.x
git_project / git	2.6.0	2.6.0.x
git_project / git	2.4.7	2.4.7.x
git_project / git	2.4.5	2.4.5.x
git_project / git	2.5.1	2.5.1.x
git_project / git	-	2.3.9.x
git_project / git	2.4.3	2.4.3.x
git_project / git	2.4.6	2.4.6.x
git_project / git	2.4.4	2.4.4.x
canonical / ubuntu_linux	12.04	12.04.x
redhat / software_collections	1.0	1.0.x
canonical / ubuntu_linux	15.10	15.10.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	15.04	15.04.x
opensuse / opensuse	13.1	13.1.x
opensuse / opensuse	13.2	13.2.x

Vulnerability Database

289,599

CVE-2015-7545