9.8 / 10

Git LFS 2.12.0 allows Remote Code Execution.

Weakness: Improper Neutralization of Special Elements used in a Command ('Command Injection')

The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Published: 2020-10-28

CVE-2020-27955 Exploits (10)
