CVE-2018-3785

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions git-dummy-commit version 1.3.0

Description A command injection issue allows OS level commands to be executed due to an unescaped parameter.

Recommendations For git-dummy-commit version 1.3.0, consider restricting the use of the vulnerable parameter as a temporary workaround until a patch is available. Avoid using unescaped parameters in commands to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2018-3785

GHSA-H3C2-X77C-7PVR

Affected Products

Git-Dummy-Commit

CVE-2018-3785

Weakness Enumeration

Related Identifiers

Affected Products

References · 5