Vulnerability Name:

CVE-2018-7032

Assigned:2018-02-14
Published:2018-02-14
Updated:2018-02-14
Summary:webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack.
CVSS v3 Severity:
CVSS v2 Severity:
References:Source: MISC
Type: UNKNOWN
https://bugs.debian.org/840014

Oval Definitions
Definition IDClassTitleLast Modified
oval:com.ubuntu.artful:def:20187032000
V
CVE-2018-7032 on Ubuntu 17.10 (artful) - untriaged.
2018-02-14
oval:com.ubuntu.trusty:def:20187032000
V
CVE-2018-7032 on Ubuntu 14.04 LTS (trusty) - untriaged.
2018-02-14
oval:com.ubuntu.xenial:def:20187032000
V
CVE-2018-7032 on Ubuntu 16.04 LTS (xenial) - untriaged.
2018-02-14
BACK