CVE-2015-8969
CRITICALgit-fastclone < 1.0.5 - Command Injection via Shell Command Arguments
Title source: llmDescription
git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/81433
Vendor Advisory x_refsource_misc
https://github.com/square/git-fastclone/pull/5
Exploit, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/105190
Scores
CVSS v3
9.8
EPSS
0.0249
EPSS Percentile
85.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (3)
n/a/git-fastclone ruby gem All versions before 1.0.5
git-fastclone ruby gem All versions before 1.0.5
rubygems/git-fastclone
0 - 1.0.5RubyGems
squareup/git-fastclone
< 1.0.5
Published
Nov 03, 2016
Tracked Since
Feb 18, 2026