CVE-2015-8969: Command Injection

Q: What is the severity of CVE-2015-8969?

CVE-2015-8969 is classified as a high severity vulnerability due to its potential for command injection.

Q: How do I fix CVE-2015-8969?

To mitigate CVE-2015-8969, upgrade git-fastclone to version 1.0.5 or later.

Q: Which versions are affected by CVE-2015-8969?

CVE-2015-8969 affects all versions of git-fastclone prior to 1.0.5.

Q: What could an attacker achieve by exploiting CVE-2015-8969?

By exploiting CVE-2015-8969, an attacker could execute arbitrary shell commands on the server.

Q: Is CVE-2015-8969 a local or remote vulnerability?

CVE-2015-8969 can be exploited remotely since it involves user-modifiable input being used in shell commands.

Published Nov 3, 2016

Updated

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library.

Other sources

Affected Software

2 affected componentsFixes available

rubygems/git-fastclone<1.0.5

1.0.5

squareup Git-fastclone<1.0.5

Event History

Nov 3, 2016

CVE Published

via MITRE·10:00 AM

Data Sourced

via MITRE·10:00 AM

DescriptionWeakness

Aug 15, 2018

Advisory Published

08:04 PM

Frequently Asked Questions

What is the severity of CVE-2015-8969?

CVE-2015-8969 is classified as a high severity vulnerability due to its potential for command injection.

How do I fix CVE-2015-8969?

To mitigate CVE-2015-8969, upgrade git-fastclone to version 1.0.5 or later.

Which versions are affected by CVE-2015-8969?

CVE-2015-8969 affects all versions of git-fastclone prior to 1.0.5.

What could an attacker achieve by exploiting CVE-2015-8969?