
CVE-2015-8968: git-fastclone permits arbitrary shell command execution from .gitmodules

CVSS Score: 8.8 (CVSS v3.1)

Basic Information

EPSS Score: 0.85617%
Published: 8/15/2018
Updated: 8/29/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name: git-fastclone
Ecosystem: rubygems
Vulnerable Versions: < 1.0.1
First Patched Version: 1.0.1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper handling of submodule URLs that use git's ext:: remote helper, which executes the command named in the URL and therefore allows arbitrary command execution. The patch in version 1.0.1 introduced protocol restrictions via GIT_ALLOW_PROTOCOL (an allowlist of transports that git 2.6.1 and later honour for the top-level clone and for every submodule fetch), indicating that the vulnerable code invoked git without these safeguards. The attack vector specifically involves submodule processing during recursive clones, pointing to the submodule handling logic as the vulnerable component.
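The following Ruby script is an added example, not code from git-fastclone or from this advisory. It shows the two halves of the root cause described above: a parser that reads a .gitmodules file and flags any submodule whose URL uses a transport outside an allowlist (the constructed sample contains one benign https:// entry and one ext:: entry), and a clone wrapper that exports GIT_ALLOW_PROTOCOL in the same way the 1.0.1 fix does, so that git itself refuses ext:: for the top-level clone and for every submodule fetch. The file contents, submodule names, helper names and the allowlist in SAFE_PROTOCOLS are assumptions made for the example.

```ruby
# Added example (not git-fastclone's own code): detect unsafe submodule
# transports in .gitmodules and build a clone command hardened with
# GIT_ALLOW_PROTOCOL, the safeguard git-fastclone 1.0.1 introduced.

# Constructed sample .gitmodules: one benign entry and one entry whose URL
# uses git's ext:: remote helper. In ext:: URLs unescaped spaces separate
# arguments and "% " is a literal space, so this URL would run
# `sh -c "touch /tmp/pwned"` on a git client without protocol restrictions.
SAMPLE_GITMODULES = <<~GITMODULES
[submodule "lib/helper"]
    path = lib/helper
    url = https://example.com/helper.git
[submodule "evil"]
    path = evil
    url = ext::sh -c touch% /tmp/pwned
GITMODULES

# Transports we are willing to let git use (assumed allowlist; this is the
# same colon-separated list format GIT_ALLOW_PROTOCOL expects).
SAFE_PROTOCOLS = %w[file git http https ssh].freeze

# Work out which transport git would select for a URL: the remote-helper
# form "<helper>::<address>" (this is where ext:: lives), the "scheme://"
# form, the scp-like "user@host:path" form (ssh), or a local path (file).
def transport_of(url)
  case url
  when /\A([a-z][a-z0-9+.-]*)::/i    then $1.downcase
  when /\A([a-z][a-z0-9+.-]*):\/\//i then $1.downcase
  when /\A[^\/:]+@[^\/:]+:/          then 'ssh'
  else 'file'
  end
end

# Minimal parser for the ini-like .gitmodules format: returns one hash per
# [submodule "name"] section with its key/value pairs (path, url, ...).
def parse_gitmodules(text)
  modules = []
  current = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#', ';')
    if (m = line.match(/\A\[submodule\s+"(.+)"\]\z/))
      current = { name: m[1] }
      modules << current
    elsif current && (m = line.match(/\A(\w+)\s*=\s*(.*)\z/))
      current[m[1].downcase.to_sym] = m[2]
    end
  end
  modules
end

# Every submodule whose URL is missing or uses a transport outside the
# allowlist. This is the pre-clone check a vulnerable wrapper lacked.
def unsafe_submodules(text, allowed = SAFE_PROTOCOLS)
  parse_gitmodules(text).reject do |mod|
    mod[:url] && allowed.include?(transport_of(mod[:url]))
  end
end

# Build the hardened clone: GIT_ALLOW_PROTOCOL makes git (2.6.1+) refuse any
# transport not listed, including ext::, for the clone and for each submodule
# it recurses into. The argv is kept as an array so no shell ever sees the URL.
def hardened_clone_command(url, dest, allowed = SAFE_PROTOCOLS)
  env  = { 'GIT_ALLOW_PROTOCOL' => allowed.join(':') }
  argv = ['git', 'clone', '--recursive', '--', url, dest]
  [env, argv]
end

# Refuse up front if the top-level URL is itself on a disallowed transport,
# then run git with the restricted environment (array form: no shell).
def run_hardened_clone(url, dest)
  raise ArgumentError, "disallowed transport: #{transport_of(url)}" unless
    SAFE_PROTOCOLS.include?(transport_of(url))
  env, argv = hardened_clone_command(url, dest)
  system(env, *argv)
end

if __FILE__ == $PROGRAM_NAME
  unsafe_submodules(SAMPLE_GITMODULES).each do |mod|
    puts "unsafe submodule #{mod[:name].inspect}: #{mod[:url]} (transport #{transport_of(mod[:url])})"
  end
  env, argv = hardened_clone_command('https://example.com/repo.git', 'repo')
  puts "would run: GIT_ALLOW_PROTOCOL=#{env['GIT_ALLOW_PROTOCOL']} #{argv.join(' ')}"
end
```

The parser check is a defence-in-depth measure for tooling that inspects a repository before or after cloning; the environment variable is the one that actually closes the hole, because git consults GIT_ALLOW_PROTOCOL at the moment it chooses a transport for each submodule, including ones nested several levels down that a pre-clone scan of the top-level .gitmodules cannot see.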


WAF Protection Rules

WAF Rule

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, i
