packages:
  - module: github.com/git-lfs/git-lfs
    package: github.com/git-lfs/git-lfs/lfsapi
    symbols:
      - sshGetLFSExeAndArgs
    versions:
      - fixed: 2.1.1-0.20170519163204-f913f5f9c7c6+incompatible
description: |
  Arbitrary command execution can be triggered by improperly
  sanitized SSH URLs in LFS configuration files. This can be
  triggered by cloning a malicious repository.
published: 2021-04-14T20:04:52Z
cves:
  - CVE-2017-17831
links:
  pr: https://github.com/git-lfs/git-lfs/pull/2241
  commit: https://github.com/git-lfs/git-lfs/commit/f913f5f9c7c6d1301785fdf9884a2942d59cdf19
  context:
    - http://blog.recurity-labs.com/2017-08-10/scm-vulns
    - https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html
    - http://www.securityfocus.com/bid/102926