CVE-2017-1000117

8.8 / 10
HIGH

A malicious third party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.

Weakness: URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

Published: 2017-10-05


CVE-2017-1000117 Exploits (25)

