CVE-2017-1000117

HIGH Year: 2017
CVSS v3 Score
8.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-601
View all →

Vulnerability Description

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.

Related Vulnerabilities

CVE-2016-9078

HIGH
CVSS:8.8(High)

Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it load...

CWE-6012016

CVE-2017-1156

HIGH
CVSS:8.8(High)

IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attack...

CWE-6012017

CVE-2017-11879

HIGH
CVSS:8.8(High)

ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".

CWE-6012017

CVE-2019-10751

HIGH
CVSS:8.8(High)

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory...

CWE-6012019

CVE-2022-41204

HIGH
CVSS:8.8(High)

An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from ...

CWE-6012022

CVE-2024-26504

HIGH
CVSS:8.8(High)

An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter.

CWE-6012024