CVE-2015-7545

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.

Published: Apr 13, 2016
Updated: Nov 9, 2025
CVE: CVE-2015-7545
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
git_project / git	2.4.1	2.4.1.x
git_project / git	2.4.9	2.4.9.x
git_project / git	2.5.2	2.5.2.x
git_project / git	2.5.3	2.5.3.x
git_project / git	2.5.0	2.5.0.x
git_project / git	2.4.2	2.4.2.x
git_project / git	2.4.0	2.4.0.x
git_project / git	2.4.8	2.4.8.x
git_project / git	2.6.0	2.6.0.x
git_project / git	2.4.7	2.4.7.x
git_project / git	2.4.5	2.4.5.x
git_project / git	2.5.1	2.5.1.x
git_project / git	-	2.3.9.x
git_project / git	2.4.3	2.4.3.x
git_project / git	2.4.6	2.4.6.x
git_project / git	2.4.4	2.4.4.x
canonical / ubuntu_linux	12.04	12.04.x
redhat / software_collections	1.0	1.0.x
canonical / ubuntu_linux	15.10	15.10.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	15.04	15.04.x
opensuse / opensuse	13.1	13.1.x
opensuse / opensuse	13.2	13.2.x

Vulnerability Database

300,214

CVE-2015-7545

Deep Security Visibility Without the Complexity