mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-30 04:49:42 +00:00
3.0 KiB
3.0 KiB
CVE-2018-11235
Description
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
POC
Reference
Github
- https://github.com/0xT11/CVE-POC
- https://github.com/9069332997/session-1-full-stack
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AnonymKing/CVE-2017-1000117
- https://github.com/AnonymKing/CVE-2018-11235
- https://github.com/CHYbeta/CVE-2018-11235-DEMO
- https://github.com/Flashyy911/pentesterlab
- https://github.com/H0K5/clone_and_pwn
- https://github.com/JameelNabbo/git-remote-code-execution
- https://github.com/Kiss-sh0t/CVE-2018-11235-poc
- https://github.com/PentesterLab/empty
- https://github.com/PonusJang/RCE_COLLECT
- https://github.com/Rogdham/CVE-2018-11235
- https://github.com/SenSecurity/exploit
- https://github.com/Yealid/empty
- https://github.com/adamyi/awesome-stars
- https://github.com/epsylon/m--github
- https://github.com/evilmiracle/CVE-2018-11236
- https://github.com/fadidxb/repository1
- https://github.com/fadidxb/repository2
- https://github.com/j4k0m/CVE-2018-11235
- https://github.com/jattboe-bak/empty
- https://github.com/jhswartz/CVE-2018-11235
- https://github.com/jongmartinez/CVE-2018-11235-PoC
- https://github.com/knqyf263/CVE-2018-11235
- https://github.com/lacework/up-and-running-packer
- https://github.com/lnick2023/nicenice
- https://github.com/meherarfaoui09/meher
- https://github.com/moajo/cve_2018_11235
- https://github.com/nerdyamigo/pop
- https://github.com/nthuong95/CVE-2018-11235
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/qweraqq/CVE-2018-11235-Git-Submodule-CE
- https://github.com/russemandev/repository1
- https://github.com/russemandev/repository2
- https://github.com/scottford-lw/up-and-running-packer
- https://github.com/seoqqq/ccvv
- https://github.com/seoqqq/wwq
- https://github.com/staaldraad/troopers19
- https://github.com/twseptian/cve-2018-11235-git-submodule-ce-and-docker-ngrok-configuration
- https://github.com/vmotos/CVE-2018-11235
- https://github.com/xElkomy/CVE-2018-11235
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/ygouzerh/CVE-2018-11235