{"id":"CVE-2017-1000117","details":"A malicious third-party can give a crafted \"ssh://...\" URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running \"git clone --recurse-submodules\" to trigger the vulnerability.","modified":"2026-04-10T03:56:01.457870Z","published":"2017-10-05T01:29:04.650Z","related":["HSEC-2023-0009","MGASA-2017-0266","SUSE-SU-2017:2225-1","SUSE-SU-2017:2320-1","openSUSE-SU-2024:10786-1"],"references":[{"type":"WEB","url":"https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1466490.html"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039131"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2485"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2491"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2675"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-10"},{"type":"ADVISORY","url":"https://www.exploit-db.com/exploits/42599/"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3934"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100283"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2484"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2674"},{"type":"ADVISORY","url":"https://support.apple.com/HT208103"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/git/git","events":[{"introduced":"0"},{"last_affected":"c8dd1e3bb1152844983558802a52c9e4c17652b4"},{"introduced":"0"},{"last_affected":"90f7b16b3adc78d4bbabbd426fb69aa78c714f71"},{"introduced":"0"},{"last_affected":"f02fbc4f9433937ee0463d0342d6d7d97e1f6f1e"},{"introduced":"0"},{"last_affected":"ab5d01a29eb7380ceab070f0807c2939849c44bc"},{"introduced":"0"},{"last_affected":"ed9067f705aa51819c7dfff7e4190dd267beaf5d"},{"introduced":"0"},{"last_affected":"d9c691a759d62cef53a6cc11864a2ef4b0829244"},{"introduced":"0"},{"last_affected":"d95553a6b8c5153f541adcfc3346004e8249b0e6"},{"introduced":"0"},{"last_affected":"60115f54bda3a127ed3cc8ffc6ab6c771cbceb1b"},{"introduced":"0"},{"last_affected":"0f8e831356d4f1a34baf46bb1a6b2d4c89ec9cb8"},{"introduced":"0"},{"last_affected":"0b65a8dbdb38962e700ee16776a3042beb489060"},{"introduced":"0"},{"last_affected":"cd0887327544ecdc8778e16219aec3f43b0dd682"},{"introduced":"0"},{"last_affected":"05219a1276341e72d8082d76b7f5ed394b7437a4"},{"introduced":"0"},{"last_affected":"3a0f269e7c82aa3a87323cb7ae04ac5f129f036b"},{"introduced":"0"},{"last_affected":"60bd4b1c513bb652cdffad44382046ca872140eb"},{"introduced":"0"},{"last_affected":"49fa3dc76179e04b0833542fa52d0f287a4955ac"},{"introduced":"0"},{"last_affected":"5c9159de87e41cf14ec5f2132afb5a06f35c26b3"},{"introduced":"0"},{"last_affected":"e634160bf457f8b3a91125307681c9493f11afb2"},{"introduced":"0"},{"last_affected":"e0c1ceafc5bece92d35773a75fff59497e1d9bd5"},{"introduced":"0"},{"last_affected":"d61226c1118f749280c050555d83560ca0f3bf71"},{"introduced":"0"},{"last_affected":"6ebdac1bab966b720d776aa43ca188fe378b1f4b"},{"introduced":"0"},{"last_affected":"726cc2ba12c4573ab2e623077479c51019e1f3cd"},{"introduced":"0"},{"last_affected":"2632c897f74b1cc9b5533f467da459b9ec725538"},{"introduced":"0"},{"last_affected":"d5cb9cbd64165153a318e1049f8bf14b09a16b11"},{"introduced":"0"},{"last_affected":"6406bdc0b95715a087fdeeb0f6adf3deb80a25b8"},{"introduced":"0"},{"last_affected":"ac84098b7e32406a982ac01cc76a663d5605224b"},{"introduced":"0"},{"last_affected":"840ed141983718e0c5518a325534a5656797132a"},{"introduced":"0"},{"last_affected":"454cb6bd52a4de614a3633e4f547af03d5c3b640"},{"introduced":"0"},{"last_affected":"1fe8f2cf461179c41f64efbd1dc0a9fb3b7a0fb1"},{"introduced":"0"},{"last_affected":"3ab228137f980ff72dbdf5064a877d07bec76df9"},{"introduced":"0"},{"last_affected":"1310affe024fba407bff55dbe65cd6d670c8a32d"},{"introduced":"0"},{"last_affected":"e2b2d6a172b76d44cb7b1ddb12ea5bfac9613a44"},{"introduced":"0"},{"last_affected":"3b9e3c2cede15057af3ff8076c45ad5f33829436"},{"introduced":"0"},{"last_affected":"773e3a2e0226cffac6c813c2d3bea5ba480675d8"},{"introduced":"0"},{"last_affected":"e7e07d5a4fcc2a203d9873968ad3e6bd4d7419d7"},{"introduced":"0"},{"last_affected":"6e3a7b3398559305c7a239a42e447c21a8f39ff8"},{"introduced":"0"},{"last_affected":"5588dbffbd61e4906e453808c6ad32f792fea521"},{"introduced":"0"},{"last_affected":"20769079d22a9f8010232bdf6131918c33a1bf69"},{"introduced":"0"},{"last_affected":"1f6b1afea00cdbc99114b88768aa5e617ff479df"},{"introduced":"0"},{"last_affected":"8f9aeb0d36c6cbfb849946bb272fa0d3c4611547"},{"introduced":"0"},{"last_affected":"95d67879735cfecfdd85f89e59d993c5b4de8835"},{"introduced":"0"},{"last_affected":"b06d3643105c8758ed019125a4399cb7efdcce2c"},{"introduced":"0"},{"last_affected":"6a2c2f8d34fa1e8f3bb85d159d354810ed63692e"},{"introduced":"0"},{"last_affected":"027a3b943b444a3e3a76f9a89803fc10245b858f"},{"introduced":"0"},{"last_affected":"4fa66c85f11bc5a541462ca5ae3246aa0ce02e74"},{"introduced":"0"},{"last_affected":"2c04f6340579518c55a554fcac9fe21c01b3d3ea"},{"introduced":"0"},{"last_affected":"8c8e978f5719c6a58fb998742207bf907f963143"},{"introduced":"0"},{"last_affected":"08f9c32463bf9e578acb7ac5f77afd36e803c6bc"},{"introduced":"0"},{"last_affected":"cf8899d285d2648013040ec7196ffd3de0606664"},{"introduced":"0"},{"last_affected":"4384e3cde2ce8ecd194202e171ae16333d241326"},{"introduced":"0"},{"last_affected":"f3da2b79be9565779e4f76dc5812c68e156afdf0"},{"introduced":"0"},{"last_affected":"5800c63717ae35286a1441f14ffff753e01f7e2b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.7.5"},{"introduced":"0"},{"last_affected":"2.8.0"},{"introduced":"0"},{"last_affected":"2.8.0-rc0"},{"introduced":"0"},{"last_affected":"2.8.0-rc1"},{"introduced":"0"},{"last_affected":"2.8.0-rc2"},{"introduced":"0"},{"last_affected":"2.8.0-rc3"},{"introduced":"0"},{"last_affected":"2.8.1"},{"introduced":"0"},{"last_affected":"2.8.2"},{"introduced":"0"},{"last_affected":"2.8.3"},{"introduced":"0"},{"last_affected":"2.8.4"},{"introduced":"0"},{"last_affected":"2.8.5"},{"introduced":"0"},{"last_affected":"2.9.0"},{"introduced":"0"},{"last_affected":"2.9.0-rc0"},{"introduced":"0"},{"last_affected":"2.9.0-rc1"},{"introduced":"0"},{"last_affected":"2.9.0-rc2"},{"introduced":"0"},{"last_affected":"2.9.1"},{"introduced":"0"},{"last_affected":"2.9.2"},{"introduced":"0"},{"last_affected":"2.9.3"},{"introduced":"0"},{"last_affected":"2.9.4"},{"introduced":"0"},{"last_affected":"2.10.0"},{"introduced":"0"},{"last_affected":"2.10.0-rc0"},{"introduced":"0"},{"last_affected":"2.10.0-rc1"},{"introduced":"0"},{"last_affected":"2.10.0-rc2"},{"introduced":"0"},{"last_affected":"2.10.1"},{"introduced":"0"},{"last_affected":"2.10.2"},{"introduced":"0"},{"last_affected":"2.10.3"},{"introduced":"0"},{"last_affected":"2.11.0"},{"introduced":"0"},{"last_affected":"2.11.0-rc0"},{"introduced":"0"},{"last_affected":"2.11.0-rc1"},{"introduced":"0"},{"last_affected":"2.11.0-rc2"},{"introduced":"0"},{"last_affected":"2.11.0-rc3"},{"introduced":"0"},{"last_affected":"2.11.1"},{"introduced":"0"},{"last_affected":"2.11.2"},{"introduced":"0"},{"last_affected":"2.12.0"},{"introduced":"0"},{"last_affected":"2.12.0-rc0"},{"introduced":"0"},{"last_affected":"2.12.0-rc1"},{"introduced":"0"},{"last_affected":"2.12.0-rc2"},{"introduced":"0"},{"last_affected":"2.12.1"},{"introduced":"0"},{"last_affected":"2.12.2"},{"introduced":"0"},{"last_affected":"2.12.3"},{"introduced":"0"},{"last_affected":"2.13.0"},{"introduced":"0"},{"last_affected":"2.13.0-rc0"},{"introduced":"0"},{"last_affected":"2.13.0-rc1"},{"introduced":"0"},{"last_affected":"2.13.0-rc2"},{"introduced":"0"},{"last_affected":"2.13.1"},{"introduced":"0"},{"last_affected":"2.13.2"},{"introduced":"0"},{"last_affected":"2.13.3"},{"introduced":"0"},{"last_affected":"2.13.4"},{"introduced":"0"},{"last_affected":"2.14.0"},{"introduced":"0"},{"last_affected":"2.14.0-rc0"},{"introduced":"0"},{"last_affected":"2.14.0-rc1"}]}}],"versions":["v0.99","v0.99.1","v0.99.2","v0.99.3","v0.99.4","v0.99.5","v0.99.6","v0.99.7","v0.99.8","v0.99.8a","v0.99.8b","v0.99.8c","v0.99.8d","v0.99.8e","v0.99.8f","v0.99.8g","v0.99.9a","v0.99.9b","v0.99.9c","v0.99.9d","v0.99.9e","v0.99.9f","v0.99.9g","v0.99.9h","v0.99.9i","v0.99.9j","v0.99.9k","v0.99.9l","v0.99.9m","v0.99.9n","v1.0.0","v1.0rc1","v1.0rc2","v1.0rc3","v1.0rc4","v1.0rc5","v1.0rc6","v1.1.0","v1.2.0","v1.3.0-rc1","v1.4.1","v1.4.1-rc1","v1.4.1-rc2","v1.4.2","v1.4.2-rc1","v1.4.2-rc2","v1.4.2-rc3","v1.4.2-rc4","v1.4.3","v1.4.3-rc1","v1.4.3-rc2","v1.4.3-rc3","v1.4.4","v1.4.4-rc1","v1.4.4-rc2","v1.4.4.1","v1.5.0","v1.5.0-rc0","v1.5.0-rc1","v1.5.0-rc2","v1.5.0-rc3","v1.5.0-rc4","v1.5.1","v1.5.1-rc1","v1.5.1-rc2","v1.5.1-rc3","v1.5.2","v1.5.2-rc0","v1.5.2-rc1","v1.5.2-rc2","v1.5.2-rc3","v1.5.3","v1.5.3-rc0","v1.5.3-rc1","v1.5.3-rc2","v1.5.3-rc3","v1.5.3-rc4","v1.5.3-rc5","v1.5.3-rc6","v1.5.3-rc7","v1.5.3.1","v1.5.4","v1.5.4-rc0","v1.5.4-rc1","v1.5.4-rc2","v1.5.4-rc3","v1.5.4-rc4","v1.5.4-rc5","v1.5.5","v1.5.5-rc0","v1.5.5-rc1","v1.5.5-rc2","v1.5.5-rc3","v1.5.6","v1.5.6-rc0","v1.5.6-rc1","v1.5.6-rc2","v1.5.6-rc3","v1.6.0","v1.6.0-rc0","v1.6.0-rc1","v1.6.0-rc2","v1.6.0-rc3","v1.6.1","v1.6.1-rc1","v1.6.1-rc2","v1.6.1-rc3","v1.6.1-rc4","v1.6.2","v1.6.2-rc0","v1.6.2-rc1","v1.6.2-rc2","v1.6.3","v1.6.3-rc0","v1.6.3-rc1","v1.6.3-rc2","v1.6.3-rc3","v1.6.3-rc4","v1.6.4","v1.6.4-rc0","v1.6.4-rc1","v1.6.4-rc2","v1.6.4-rc3","v1.6.5","v1.6.5-rc0","v1.6.5-rc1","v1.6.5-rc2","v1.6.5-rc3","v1.6.6","v1.6.6-rc0","v1.6.6-rc1","v1.6.6-rc2","v1.6.6-rc3","v1.6.6-rc4","v1.7.0","v1.7.0-rc0","v1.7.0-rc1","v1.7.0-rc2","v1.7.1","v1.7.1-rc0","v1.7.1-rc1","v1.7.1-rc2","v1.7.10","v1.7.10-rc0","v1.7.10-rc1","v1.7.10-rc2","v1.7.10-rc3","v1.7.10-rc4","v1.7.11","v1.7.11-rc0","v1.7.11-rc1","v1.7.11-rc2","v1.7.11-rc3","v1.7.12","v1.7.12-rc0","v1.7.12-rc1","v1.7.12-rc2","v1.7.12-rc3","v1.7.2","v1.7.2-rc0","v1.7.2-rc1","v1.7.2-rc2","v1.7.2-rc3","v1.7.3","v1.7.3-rc0","v1.7.3-rc1","v1.7.3-rc2","v1.7.3.1","v1.7.4","v1.7.4-rc0","v1.7.4-rc1","v1.7.4-rc2","v1.7.4-rc3","v1.7.5","v1.7.5-rc0","v1.7.5-rc1","v1.7.5-rc2","v1.7.5-rc3","v1.7.6","v1.7.6-rc0","v1.7.6-rc1","v1.7.6-rc2","v1.7.6-rc3","v1.7.7","v1.7.7-rc0","v1.7.7-rc1","v1.7.7-rc2","v1.7.7-rc3","v1.7.8","v1.7.8-rc0","v1.7.8-rc1","v1.7.8-rc2","v1.7.8-rc3","v1.7.8-rc4","v1.7.9","v1.7.9-rc0","v1.7.9-rc1","v1.7.9-rc2","v1.8.0","v1.8.0-rc0","v1.8.0-rc1","v1.8.0-rc2","v1.8.0-rc3","v1.8.1","v1.8.1-rc0","v1.8.1-rc1","v1.8.1-rc2","v1.8.1-rc3","v1.8.2","v1.8.2-rc0","v1.8.2-rc1","v1.8.2-rc2","v1.8.2-rc3","v1.8.3","v1.8.3-rc0","v1.8.3-rc1","v1.8.3-rc2","v1.8.3-rc3","v1.8.4","v1.8.4-rc0","v1.8.4-rc1","v1.8.4-rc2","v1.8.4-rc3","v1.8.4-rc4","v1.8.5","v1.8.5-rc0","v1.8.5-rc1","v1.8.5-rc2","v1.8.5-rc3","v1.9-rc0","v1.9-rc1","v1.9-rc2","v1.9.0","v1.9.0-rc3","v2.0.0","v2.0.0-rc0","v2.0.0-rc1","v2.0.0-rc2","v2.0.0-rc3","v2.0.0-rc4","v2.1.0","v2.1.0-rc0","v2.1.0-rc1","v2.1.0-rc2","v2.10.0","v2.10.0-rc0","v2.10.0-rc1","v2.10.0-rc2","v2.10.1","v2.10.2","v2.10.3","v2.11.0","v2.11.0-rc0","v2.11.0-rc1","v2.11.0-rc2","v2.11.0-rc3","v2.11.1","v2.11.2","v2.12.0","v2.12.0-rc0","v2.12.0-rc1","v2.12.0-rc2","v2.12.1","v2.12.2","v2.12.3","v2.13.0","v2.13.0-rc0","v2.13.0-rc1","v2.13.0-rc2","v2.13.1","v2.13.2","v2.13.3","v2.13.4","v2.14.0","v2.14.0-rc0","v2.14.0-rc1","v2.2.0","v2.2.0-rc0","v2.2.0-rc1","v2.2.0-rc2","v2.2.0-rc3","v2.3.0","v2.3.0-rc0","v2.3.0-rc1","v2.3.0-rc2","v2.4.0","v2.4.0-rc0","v2.4.0-rc1","v2.4.0-rc2","v2.4.0-rc3","v2.5.0","v2.5.0-rc0","v2.5.0-rc1","v2.5.0-rc2","v2.5.0-rc3","v2.6.0","v2.6.0-rc0","v2.6.0-rc1","v2.6.0-rc2","v2.6.0-rc3","v2.7.0","v2.7.0-rc0","v2.7.0-rc1","v2.7.0-rc2","v2.7.0-rc3","v2.7.1","v2.7.2","v2.7.3","v2.7.4","v2.7.5","v2.8.0","v2.8.0-rc0","v2.8.0-rc1","v2.8.0-rc2","v2.8.0-rc3","v2.8.0-rc4","v2.8.1","v2.8.2","v2.8.3","v2.8.4","v2.8.5","v2.9.0","v2.9.0-rc0","v2.9.0-rc1","v2.9.0-rc2","v2.9.1","v2.9.2","v2.9.3","v2.9.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000117.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}