{"id":"CVE-2017-12426","details":"GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.","modified":"2026-04-10T03:56:43.462028Z","published":"2017-08-14T21:29:00.213Z","related":["CGA-qmqh-gfx7-4794"],"references":[{"type":"WEB","url":"https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1466490.html"},{"type":"ADVISORY","url":"https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"0"},{"last_affected":"7e684a332ccd51de718a2f5f88060b0913a1b008"},{"introduced":"0"},{"last_affected":"7e684a332ccd51de718a2f5f88060b0913a1b008"},{"introduced":"0"},{"last_affected":"f33774cb120324d428dabf52c89b8a65e4d4c166"},{"introduced":"0"},{"last_affected":"f33774cb120324d428dabf52c89b8a65e4d4c166"},{"introduced":"0"},{"last_affected":"7618f7fd87246cf0395c10162bc0fc3b3530a640"},{"introduced":"0"},{"last_affected":"7618f7fd87246cf0395c10162bc0fc3b3530a640"},{"introduced":"0"},{"last_affected":"3ed621894dca29a611a8f961aa5b30d4471034a6"},{"introduced":"0"},{"last_affected":"3ed621894dca29a611a8f961aa5b30d4471034a6"},{"introduced":"0"},{"last_affected":"254edd7e165c5f2d0fc59ca92a2970fcde63705d"},{"introduced":"0"},{"last_affected":"254edd7e165c5f2d0fc59ca92a2970fcde63705d"},{"introduced":"0"},{"last_affected":"349b042ecfdba96be85b32a50f16ed81b18db392"},{"introduced":"0"},{"last_affected":"349b042ecfdba96be85b32a50f16ed81b18db392"},{"introduced":"0"},{"last_affected":"71d72c9b0f74f06eee847fe04cfcdcb88529bf5c"},{"introduced":"0"},{"last_affected":"71d72c9b0f74f06eee847fe04cfcdcb88529bf5c"},{"introduced":"0"},{"last_affected":"7dffbc82afdd8696a032d6701021d6252f9bdda9"},{"introduced":"0"},{"last_affected":"7dffbc82afdd8696a032d6701021d6252f9bdda9"},{"introduced":"0"},{"last_affected":"3e10198a2bd4373ca72321ce5efcc87c4242ec06"},{"introduced":"0"},{"last_affected":"3e10198a2bd4373ca72321ce5efcc87c4242ec06"},{"introduced":"0"},{"last_affected":"cd94d5d57387b65171621d042e57d4e2e174683b"},{"introduced":"0"},{"last_affected":"cd94d5d57387b65171621d042e57d4e2e174683b"},{"introduced":"0"},{"last_affected":"c1923d5b0b6ee1f6546fbd3283c9e86f0cc9a272"},{"introduced":"0"},{"last_affected":"c1923d5b0b6ee1f6546fbd3283c9e86f0cc9a272"},{"introduced":"0"},{"last_affected":"6afd6e1a69a923a139e6b211e596c564ff5fa0c9"},{"introduced":"0"},{"last_affected":"6afd6e1a69a923a139e6b211e596c564ff5fa0c9"},{"introduced":"0"},{"last_affected":"d9e4841575ca50b94b2724243fcdf27f175030d9"},{"introduced":"0"},{"last_affected":"d9e4841575ca50b94b2724243fcdf27f175030d9"},{"introduced":"0"},{"last_affected":"f3965124e06a3aa221caf75c33a6c06099695597"},{"introduced":"0"},{"last_affected":"f3965124e06a3aa221caf75c33a6c06099695597"},{"introduced":"0"},{"last_affected":"a515b56a128da5bace23d4b475030b91e87b9606"},{"introduced":"0"},{"last_affected":"a515b56a128da5bace23d4b475030b91e87b9606"},{"introduced":"0"},{"last_affected":"43c23ff4e25b10ef98ff600f522fc4dd3ea49c46"},{"introduced":"0"},{"last_affected":"43c23ff4e25b10ef98ff600f522fc4dd3ea49c46"},{"introduced":"0"},{"last_affected":"64880437ba912cd3bb2f845dbf0ce3c757259c13"},{"introduced":"0"},{"last_affected":"64880437ba912cd3bb2f845dbf0ce3c757259c13"},{"introduced":"0"},{"last_affected":"e28218ce5d0903550e09909a96d2c84b520de710"},{"introduced":"0"},{"last_affected":"e28218ce5d0903550e09909a96d2c84b520de710"},{"introduced":"0"},{"last_affected":"cd361c2682fef6211b8a6cd33371ba4e2273a296"},{"introduced":"0"},{"last_affected":"cd361c2682fef6211b8a6cd33371ba4e2273a296"},{"introduced":"0"},{"last_affected":"f7c4d7bbe1d41c8bd199267b60991dc4e0564429"},{"introduced":"0"},{"last_affected":"f7c4d7bbe1d41c8bd199267b60991dc4e0564429"},{"introduced":"0"},{"last_affected":"5c046e9fa619929bfbaeea532a364dbe92a67553"},{"introduced":"0"},{"last_affected":"5c046e9fa619929bfbaeea532a364dbe92a67553"},{"introduced":"0"},{"last_affected":"6f5de11fb813898f351a8889e2e5085579a61fa6"},{"introduced":"0"},{"last_affected":"6f5de11fb813898f351a8889e2e5085579a61fa6"},{"introduced":"0"},{"last_affected":"f72e42e3aa1ba4e29de8423c13f8e101e82307a5"},{"introduced":"0"},{"last_affected":"f72e42e3aa1ba4e29de8423c13f8e101e82307a5"},{"introduced":"0"},{"last_affected":"c694566a78de72529aa2cb6cd7985eb3c154c314"},{"introduced":"0"},{"last_affected":"c694566a78de72529aa2cb6cd7985eb3c154c314"},{"introduced":"0"},{"last_affected":"4784d7896d755f282c6c629d236a4583ae45842b"},{"introduced":"0"},{"last_affected":"4784d7896d755f282c6c629d236a4583ae45842b"},{"introduced":"0"},{"last_affected":"b0dd8f61df35f675c3d63403b5126ec8c653926a"},{"introduced":"0"},{"last_affected":"b0dd8f61df35f675c3d63403b5126ec8c653926a"},{"introduced":"0"},{"last_affected":"b0041675fdc77967f3266c471d5342773185556e"},{"introduced":"0"},{"last_affected":"b0041675fdc77967f3266c471d5342773185556e"},{"introduced":"0"},{"last_affected":"43819e684ec17b7604eae5f2dd19894ceba1ced2"},{"introduced":"0"},{"last_affected":"43819e684ec17b7604eae5f2dd19894ceba1ced2"},{"introduced":"0"},{"last_affected":"c771fef92984df3767dd004575457ae631607f6a"},{"introduced":"0"},{"last_affected":"c771fef92984df3767dd004575457ae631607f6a"},{"introduced":"0"},{"last_affected":"915a0aa9da64dbf5425673e27198ebd5fc4b0c36"},{"introduced":"0"},{"last_affected":"915a0aa9da64dbf5425673e27198ebd5fc4b0c36"},{"introduced":"0"},{"last_affected":"0f19285bb8cb0d8abc936af7cb077c82d819a391"},{"introduced":"0"},{"last_affected":"0f19285bb8cb0d8abc936af7cb077c82d819a391"},{"introduced":"0"},{"last_affected":"61fee1520adef668450ae7315423542065d05028"},{"introduced":"0"},{"last_affected":"61fee1520adef668450ae7315423542065d05028"},{"introduced":"0"},{"last_affected":"0ee024e26042813ee62a2e0671a7fae29b09ec81"},{"introduced":"0"},{"last_affected":"0ee024e26042813ee62a2e0671a7fae29b09ec81"},{"introduced":"0"},{"last_affected":"248d210c9a80ae7a6fc3679b5107779003cd2e32"},{"introduced":"0"},{"last_affected":"248d210c9a80ae7a6fc3679b5107779003cd2e32"},{"introduced":"0"},{"last_affected":"53f18d8326e26304f6df0996c615ca72b6a85e5b"},{"introduced":"0"},{"last_affected":"53f18d8326e26304f6df0996c615ca72b6a85e5b"},{"introduced":"0"},{"last_affected":"a15332b32ccbac682c6371b98f01fc3954938157"},{"introduced":"0"},{"last_affected":"a15332b32ccbac682c6371b98f01fc3954938157"},{"introduced":"0"},{"last_affected":"2815f5cb4679b1b16ffd5ce2c86b779ff5140b70"},{"introduced":"0"},{"last_affected":"2815f5cb4679b1b16ffd5ce2c86b779ff5140b70"},{"introduced":"0"},{"last_affected":"6796a4a8c8b1aba7c08619bf62d032563816a20b"},{"introduced":"0"},{"last_affected":"6796a4a8c8b1aba7c08619bf62d032563816a20b"},{"introduced":"0"},{"last_affected":"18e7e91458ea1a4f7b3632a8c2c8df574a541209"},{"introduced":"0"},{"last_affected":"18e7e91458ea1a4f7b3632a8c2c8df574a541209"},{"introduced":"0"},{"last_affected":"44d109ded7a0448b2df5a2dc6ce81d2c2029a512"},{"introduced":"0"},{"last_affected":"44d109ded7a0448b2df5a2dc6ce81d2c2029a512"},{"introduced":"0"},{"last_affected":"7046350a477911952ca703d94a76eebf5b585cb3"},{"introduced":"0"},{"last_affected":"7046350a477911952ca703d94a76eebf5b585cb3"},{"introduced":"0"},{"last_affected":"3f9ac2785cf9af97a0089740d0c404b501067f19"},{"introduced":"0"},{"last_affected":"3f9ac2785cf9af97a0089740d0c404b501067f19"},{"introduced":"0"},{"last_affected":"791cb43ba08e31c16f278e75ba0973b679d10b17"},{"introduced":"0"},{"last_affected":"791cb43ba08e31c16f278e75ba0973b679d10b17"},{"introduced":"0"},{"last_affected":"7a27f14c7cae19f081d948d062265caec0273930"},{"introduced":"0"},{"last_affected":"7a27f14c7cae19f081d948d062265caec0273930"},{"introduced":"0"},{"last_affected":"1cfb4f1bd87be2a38c61dbe78f10c351449ab8b4"},{"introduced":"0"},{"last_affected":"1cfb4f1bd87be2a38c61dbe78f10c351449ab8b4"},{"introduced":"0"},{"last_affected":"1ae0012728304fb533c3267ddf23c77465821440"},{"introduced":"0"},{"last_affected":"1ae0012728304fb533c3267ddf23c77465821440"},{"introduced":"0"},{"last_affected":"421b9b5b810e415c3b7452ee6c26ec7498794a2b"},{"introduced":"0"},{"last_affected":"421b9b5b810e415c3b7452ee6c26ec7498794a2b"},{"introduced":"0"},{"last_affected":"9f45c3206f59ac6dca25947832d701ce67065f8d"},{"introduced":"0"},{"last_affected":"9f45c3206f59ac6dca25947832d701ce67065f8d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.17.7"},{"introduced":"0"},{"last_affected":"8.17.7"},{"introduced":"0"},{"last_affected":"9.0.0"},{"introduced":"0"},{"last_affected":"9.0.0"},{"introduced":"0"},{"last_affected":"9.0.1"},{"introduced":"0"},{"last_affected":"9.0.1"},{"introduced":"0"},{"last_affected":"9.0.2"},{"introduced":"0"},{"last_affected":"9.0.2"},{"introduced":"0"},{"last_affected":"9.0.3"},{"introduced":"0"},{"last_affected":"9.0.3"},{"introduced":"0"},{"last_affected":"9.0.4"},{"introduced":"0"},{"last_affected":"9.0.4"},{"introduced":"0"},{"last_affected":"9.0.5"},{"introduced":"0"},{"last_affected":"9.0.5"},{"introduced":"0"},{"last_affected":"9.0.6"},{"introduced":"0"},{"last_affected":"9.0.6"},{"introduced":"0"},{"last_affected":"9.0.7"},{"introduced":"0"},{"last_affected":"9.0.7"},{"introduced":"0"},{"last_affected":"9.0.8"},{"introduced":"0"},{"last_affected":"9.0.8"},{"introduced":"0"},{"last_affected":"9.0.9"},{"introduced":"0"},{"last_affected":"9.0.9"},{"introduced":"0"},{"last_affected":"9.0.10"},{"introduced":"0"},{"last_affected":"9.0.10"},{"introduced":"0"},{"last_affected":"9.0.11"},{"introduced":"0"},{"last_affected":"9.0.11"},{"introduced":"0"},{"last_affected":"9.0.12"},{"introduced":"0"},{"last_affected":"9.0.12"},{"introduced":"0"},{"last_affected":"9.1.0"},{"introduced":"0"},{"last_affected":"9.1.0"},{"introduced":"0"},{"last_affected":"9.1.1"},{"introduced":"0"},{"last_affected":"9.1.1"},{"introduced":"0"},{"last_affected":"9.1.2"},{"introduced":"0"},{"last_affected":"9.1.2"},{"introduced":"0"},{"last_affected":"9.1.3"},{"introduced":"0"},{"last_affected":"9.1.3"},{"introduced":"0"},{"last_affected":"9.1.4"},{"introduced":"0"},{"last_affected":"9.1.4"},{"introduced":"0"},{"last_affected":"9.1.5"},{"introduced":"0"},{"last_affected":"9.1.5"},{"introduced":"0"},{"last_affected":"9.1.6"},{"introduced":"0"},{"last_affected":"9.1.6"},{"introduced":"0"},{"last_affected":"9.1.7"},{"introduced":"0"},{"last_affected":"9.1.7"},{"introduced":"0"},{"last_affected":"9.1.8"},{"introduced":"0"},{"last_affected":"9.1.8"},{"introduced":"0"},{"last_affected":"9.1.9"},{"introduced":"0"},{"last_affected":"9.1.9"},{"introduced":"0"},{"last_affected":"9.2.0"},{"introduced":"0"},{"last_affected":"9.2.0"},{"introduced":"0"},{"last_affected":"9.2.1"},{"introduced":"0"},{"last_affected":"9.2.1"},{"introduced":"0"},{"last_affected":"9.2.2"},{"introduced":"0"},{"last_affected":"9.2.2"},{"introduced":"0"},{"last_affected":"9.2.3"},{"introduced":"0"},{"last_affected":"9.2.3"},{"introduced":"0"},{"last_affected":"9.2.4"},{"introduced":"0"},{"last_affected":"9.2.4"},{"introduced":"0"},{"last_affected":"9.2.5"},{"introduced":"0"},{"last_affected":"9.2.5"},{"introduced":"0"},{"last_affected":"9.2.6"},{"introduced":"0"},{"last_affected":"9.2.6"},{"introduced":"0"},{"last_affected":"9.2.7"},{"introduced":"0"},{"last_affected":"9.2.7"},{"introduced":"0"},{"last_affected":"9.2.8"},{"introduced":"0"},{"last_affected":"9.2.8"},{"introduced":"0"},{"last_affected":"9.2.9"},{"introduced":"0"},{"last_affected":"9.2.9"},{"introduced":"0"},{"last_affected":"9.3.0"},{"introduced":"0"},{"last_affected":"9.3.0"},{"introduced":"0"},{"last_affected":"9.3.1"},{"introduced":"0"},{"last_affected":"9.3.1"},{"introduced":"0"},{"last_affected":"9.3.2"},{"introduced":"0"},{"last_affected":"9.3.2"},{"introduced":"0"},{"last_affected":"9.3.3"},{"introduced":"0"},{"last_affected":"9.3.3"},{"introduced":"0"},{"last_affected":"9.3.4"},{"introduced":"0"},{"last_affected":"9.3.4"},{"introduced":"0"},{"last_affected":"9.3.5"},{"introduced":"0"},{"last_affected":"9.3.5"},{"introduced":"0"},{"last_affected":"9.3.6"},{"introduced":"0"},{"last_affected":"9.3.6"},{"introduced":"0"},{"last_affected":"9.3.7"},{"introduced":"0"},{"last_affected":"9.3.7"},{"introduced":"0"},{"last_affected":"9.3.8"},{"introduced":"0"},{"last_affected":"9.3.8"},{"introduced":"0"},{"last_affected":"9.3.9"},{"introduced":"0"},{"last_affected":"9.3.9"},{"introduced":"0"},{"last_affected":"9.4.0"},{"introduced":"0"},{"last_affected":"9.4.0"},{"introduced":"0"},{"last_affected":"9.4.1"},{"introduced":"0"},{"last_affected":"9.4.1"},{"introduced":"0"},{"last_affected":"9.4.2"},{"introduced":"0"},{"last_affected":"9.4.2"},{"introduced":"0"},{"last_affected":"9.4.3"},{"introduced":"0"},{"last_affected":"9.4.3"}]}}],"versions":["v1.2.0","v1.2.0pre","v1.2.1","v1.2.2","v2.3.0","v2.3.0pre","v2.3.1","v2.4.0","v2.4.0pre","v2.4.1","v2.5.0","v2.6.0","v2.6.0pre","v2.6.1","v2.6.2","v2.6.3","v2.7.0","v2.7.0pre","v2.8.0","v2.8.0pre","v2.8.1","v2.8.2","v2.9.0","v2.9.1","v3.0.0","v3.0.1","v3.0.2","v3.0.3","v3.1.0","v4.0.0","v4.0.0rc1","v4.0.0rc2","v5.0.0","v5.1.0","v5.2.0","v5.3.0","v6.0.0","v6.0.0-ee","v6.0.0-ee.beta","v6.0.0-ee.rc1","v6.1.0-ee","v6.2.0","v6.3.0","v6.3.0-ee","v6.3.1-ee","v6.4.0","v6.4.0-ee","v6.4.0.pre1","v6.4.0.pre2","v6.4.0.pre3","v6.5.0","v6.5.0-ee","v6.5.0.rc1","v6.6.0","v6.6.0-ee","v6.6.0.pre1","v6.6.0.rc1","v6.7.0-ee","v6.7.0.rc1","v6.7.0.rc1-ee","v6.8.0-ee","v7.0.0","v7.0.0-ee","v7.0.0.rc1","v7.1.0","v7.1.0-ee","v7.1.0.rc1","v7.1.0.rc1-ee","v7.2.0.rc1","v7.2.0.rc1-ee","v7.2.0.rc2","v7.2.0.rc2-ee","v7.2.0.rc3","v7.2.0.rc3-ee","v7.2.0.rc4","v7.2.0.rc4-ee","v7.2.0.rc5","v7.2.0.rc5-ee","v7.3.0","v7.3.0-ee","v7.3.0.rc1","v7.3.0.rc1-ee","v8.11.0.pre","v8.13.0.pre","v8.14.0.pre","v8.15.0.pre","v8.16.0.pre","v8.17.0-ee","v8.17.0-rc1-ee","v8.17.0-rc2-ee","v8.17.0-rc3-ee","v8.17.0-rc4-ee","v8.17.0-rc5-ee","v8.17.0.pre","v8.17.1-ee","v8.17.2-ee","v8.17.3-ee","v8.17.4-ee","v8.17.5-ee","v8.17.6-ee","v8.17.7-ee","v8.18.0.pre","v9.0.0-ee","v9.0.0-rc1-ee","v9.0.0-rc2-ee","v9.0.0-rc3-ee","v9.0.0-rc4-ee","v9.0.0-rc5-ee","v9.0.0-rc6-ee","v9.0.0-rc7-ee","v9.0.1-ee","v9.0.10-ee","v9.0.11-ee","v9.0.12-ee","v9.0.2-ee","v9.0.3-ee","v9.0.4-ee","v9.0.5-ee","v9.0.6-ee","v9.0.7-ee","v9.0.8-ee","v9.0.9-ee","v9.1.0-ee","v9.1.0-rc1-ee","v9.1.0-rc2-ee","v9.1.0-rc3-ee","v9.1.0-rc4-ee","v9.1.0-rc5-ee","v9.1.0-rc6-ee","v9.1.0-rc7-ee","v9.1.0.pre","v9.1.1-ee","v9.1.2-ee","v9.1.3-ee","v9.1.4-ee","v9.1.5-ee","v9.1.6-ee","v9.1.7-ee","v9.1.8-ee","v9.1.9-ee","v9.2.0-ee","v9.2.0-rc1-ee","v9.2.0-rc2-ee","v9.2.0-rc3-ee","v9.2.0-rc4-ee","v9.2.0-rc5-ee","v9.2.0-rc6-ee","v9.2.0-rc7-ee","v9.2.0.pre","v9.2.1-ee","v9.2.2-ee","v9.2.3-ee","v9.2.4-ee","v9.2.5-ee","v9.2.6-ee","v9.2.7-ee","v9.2.8-ee","v9.2.9-ee","v9.3.0-ee","v9.3.0-rc1-ee","v9.3.0-rc2-ee","v9.3.0-rc3-ee","v9.3.0-rc4-ee","v9.3.0-rc5-ee","v9.3.0-rc6-ee","v9.3.0-rc7-ee","v9.3.0.pre","v9.3.1-ee","v9.3.2-ee","v9.3.3-ee","v9.3.4-ee","v9.3.5-ee","v9.3.6-ee","v9.3.7-ee","v9.3.8-ee","v9.3.9-ee","v9.4.0-ee","v9.4.0-rc1-ee","v9.4.0-rc2-ee","v9.4.0-rc3-ee","v9.4.0-rc4-ee","v9.4.0-rc5-ee","v9.4.0-rc6-ee","v9.4.1-ee","v9.4.2-ee","v9.4.3-ee"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12426.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}