CVE-2018-19486
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-19486
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19486.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-19486
- Related
- Published
- 2018-11-23T08:29:00Z
- Modified
- 2024-09-18T02:58:43.495063Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
- References
-
- http://www.securityfocus.com/bid/106020
- http://www.securitytracker.com/id/1042166
- https://access.redhat.com/errata/RHSA-2018:3800
- https://security.gentoo.org/glsa/201904-13
- https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60
- https://git.kernel.org/pub/scm/git/git.git/tree/Documentation/RelNotes/2.19.2.txt
- https://usn.ubuntu.com/3829-1/
- https://security.alpinelinux.org/vuln/CVE-2018-19486
- https://security-tracker.debian.org/tracker/CVE-2018-19486
Affected packages
Alpine:v3.6 / git
Package
- Name
- git
- Purl
- pkg:apk/alpine/git?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.13.7-r2
Affected versions
1.*
1.6.0.4-r1
1.6.0.4-r2
1.6.1-r0
1.6.1.3-r0
1.6.1.3-r1
1.6.2.1-r0
1.6.2.3-r0
1.6.2.4-r0
1.6.2.5-r0
1.6.3.2-r0
1.6.3.3-r0
1.6.4-r0
1.6.4.1-r0
1.6.4.2-r0
1.6.4.2-r1
1.6.4.2-r2
1.6.4.4-r0
1.6.5-r0
1.6.5.2-r0
1.6.5.3-r0
1.6.5.5-r0
1.6.5.6-r0
1.6.5.7-r0
1.6.6-r0
1.6.6.1-r0
1.7.0.2-r0
1.7.0.3-r0
1.7.0.4-r0
1.7.0.5-r0
1.7.0.5-r1
1.7.1-r0
1.7.1-r1
1.7.1-r2
1.7.1.1-r0
1.7.2-r0
1.7.2.1-r0
1.7.2.2-r0
1.7.2.3-r0
1.7.3-r0
1.7.3.1-r0
1.7.3.2-r0
1.7.3.2-r1
1.7.3.3-r0
1.7.3.4-r0
1.7.3.5-r0
1.7.3.5-r1
1.7.4-r0
1.7.4-r1
1.7.4.1-r0
1.7.4.2-r0
1.7.4.4-r0
1.7.4.5-r0
1.7.5.1-r0
1.7.5.1-r1
1.7.5.2-r0
1.7.5.3-r0
1.7.5.4-r0
1.7.5.4-r1
1.7.6-r0
1.7.6.1-r0
1.7.7-r0
1.7.7.1-r0
1.7.7.2-r0
1.7.7.3-r0
1.7.7.4-r0
1.7.8-r0
1.7.8.1-r0
1.7.8.2-r0
1.7.8.3-r0
1.7.8.4-r0
1.7.8.4-r1
1.7.9-r0
1.7.9.1-r0
1.7.9.2-r0
1.7.9.3-r0
1.7.9.4-r0
1.7.9.5-r0
1.7.9.6-r0
1.7.10-r0
1.7.10.1-r0
1.7.10.2-r0
1.7.10.2-r1
1.7.10.3-r0
1.7.10.4-r0
1.7.11-r0
1.7.11.1-r0
1.7.11.1-r1
1.7.11.2-r0
1.7.11.3-r0
1.7.11.4-r0
1.7.11.5-r0
1.7.12-r0
1.7.12.1-r0
1.7.12.2-r0
1.7.12.3-r0
1.7.12.4-r0
1.8.0-r0
1.8.0.1-r0
1.8.0.2-r0
1.8.0.3-r0
1.8.1-r0
1.8.1.1-r0
1.8.1.2-r0
1.8.1.3-r0
1.8.1.4-r0
1.8.1.5-r0
1.8.2-r0
1.8.2.1-r0
1.8.2.2-r0
1.8.2.3-r0
1.8.2.3-r1
1.8.2.3-r2
1.8.3-r0
1.8.3.1-r0
1.8.3.2-r0
1.8.3.3-r0
1.8.3.4-r0
1.8.4-r0
1.8.4.1-r0
1.8.4.2-r0
1.8.4.3-r0
1.8.4.3-r1
1.8.4.3-r2
1.8.5.1-r0
1.8.5.1-r1
1.8.5.1-r2
1.8.5.1-r3
1.8.5.1-r4
1.8.5.2-r0
1.8.5.3-r0
1.8.5.3-r1
1.8.5.4-r0
1.9.0-r0
1.9.1-r0
1.9.2-r0
1.9.2-r1
1.9.2-r2
1.9.3-r0
2.*
2.0.0-r0
2.0.1-r0
2.0.2-r0
2.0.3-r0
2.0.4-r0
2.1.0-r0
2.1.1-r0
2.1.2-r0
2.1.3-r0
2.1.3-r1
2.2.0-r0
2.2.1-r0
2.2.2-r0
2.3.0-r0
2.3.1-r0
2.3.2-r0
2.3.3-r0
2.3.4-r0
2.3.5-r0
2.3.6-r0
2.3.6-r1
2.3.7-r0
2.4.0-r0
2.4.1-r0
2.4.2-r0
2.4.2-r1
2.4.3-r0
2.4.4-r0
2.4.5-r0
2.4.6-r0
2.4.6-r1
2.5.0-r0
2.5.0-r1
2.5.1-r0
2.5.2-r0
2.5.3-r0
2.6.0-r0
2.6.0-r1
2.6.0-r2
2.6.0-r3
2.6.1-r0
2.6.1-r1
2.6.3-r0
2.6.4-r0
2.7.0-r0
2.7.1-r0
2.7.2-r0
2.7.3-r0
2.7.4-r0
2.8.0-r0
2.8.0-r1
2.8.1-r0
2.8.2-r0
2.8.3-r0
2.8.4-r0
2.9.0-r0
2.9.1-r0
2.9.2-r0
2.9.3-r0
2.10.0-r0
2.10.1-r0
2.10.2-r0
2.11.0-r0
2.11.1-r0
2.12.1-r0
2.12.2-r0
2.12.2-r1
2.13.0-r0
2.13.5-r0
2.13.7-r0
2.13.7-r1
Alpine:v3.8 / git
Package
- Name
- git
- Purl
- pkg:apk/alpine/git?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.18.1-r1
Affected versions
1.*
1.6.0.4-r1
1.6.0.4-r2
1.6.1-r0
1.6.1.3-r0
1.6.1.3-r1
1.6.2.1-r0
1.6.2.3-r0
1.6.2.4-r0
1.6.2.5-r0
1.6.3.2-r0
1.6.3.3-r0
1.6.4-r0
1.6.4.1-r0
1.6.4.2-r0
1.6.4.2-r1
1.6.4.2-r2
1.6.4.4-r0
1.6.5-r0
1.6.5.2-r0
1.6.5.3-r0
1.6.5.5-r0
1.6.5.6-r0
1.6.5.7-r0
1.6.6-r0
1.6.6.1-r0
1.7.0.2-r0
1.7.0.3-r0
1.7.0.4-r0
1.7.0.5-r0
1.7.0.5-r1
1.7.1-r0
1.7.1-r1
1.7.1-r2
1.7.1.1-r0
1.7.2-r0
1.7.2.1-r0
1.7.2.2-r0
1.7.2.3-r0
1.7.3-r0
1.7.3.1-r0
1.7.3.2-r0
1.7.3.2-r1
1.7.3.3-r0
1.7.3.4-r0
1.7.3.5-r0
1.7.3.5-r1
1.7.4-r0
1.7.4-r1
1.7.4.1-r0
1.7.4.2-r0
1.7.4.4-r0
1.7.4.5-r0
1.7.5.1-r0
1.7.5.1-r1
1.7.5.2-r0
1.7.5.3-r0
1.7.5.4-r0
1.7.5.4-r1
1.7.6-r0
1.7.6.1-r0
1.7.7-r0
1.7.7.1-r0
1.7.7.2-r0
1.7.7.3-r0
1.7.7.4-r0
1.7.8-r0
1.7.8.1-r0
1.7.8.2-r0
1.7.8.3-r0
1.7.8.4-r0
1.7.8.4-r1
1.7.9-r0
1.7.9.1-r0
1.7.9.2-r0
1.7.9.3-r0
1.7.9.4-r0
1.7.9.5-r0
1.7.9.6-r0
1.7.10-r0
1.7.10.1-r0
1.7.10.2-r0
1.7.10.2-r1
1.7.10.3-r0
1.7.10.4-r0
1.7.11-r0
1.7.11.1-r0
1.7.11.1-r1
1.7.11.2-r0
1.7.11.3-r0
1.7.11.4-r0
1.7.11.5-r0
1.7.12-r0
1.7.12.1-r0
1.7.12.2-r0
1.7.12.3-r0
1.7.12.4-r0
1.8.0-r0
1.8.0.1-r0
1.8.0.2-r0
1.8.0.3-r0
1.8.1-r0
1.8.1.1-r0
1.8.1.2-r0
1.8.1.3-r0
1.8.1.4-r0
1.8.1.5-r0
1.8.2-r0
1.8.2.1-r0
1.8.2.2-r0
1.8.2.3-r0
1.8.2.3-r1
1.8.2.3-r2
1.8.3-r0
1.8.3.1-r0
1.8.3.2-r0
1.8.3.3-r0
1.8.3.4-r0
1.8.4-r0
1.8.4.1-r0
1.8.4.2-r0
1.8.4.3-r0
1.8.4.3-r1
1.8.4.3-r2
1.8.5.1-r0
1.8.5.1-r1
1.8.5.1-r2
1.8.5.1-r3
1.8.5.1-r4
1.8.5.2-r0
1.8.5.3-r0
1.8.5.3-r1
1.8.5.4-r0
1.9.0-r0
1.9.1-r0
1.9.2-r0
1.9.2-r1
1.9.2-r2
1.9.3-r0
2.*
2.0.0-r0
2.0.1-r0
2.0.2-r0
2.0.3-r0
2.0.4-r0
2.1.0-r0
2.1.1-r0
2.1.2-r0
2.1.3-r0
2.1.3-r1
2.2.0-r0
2.2.1-r0
2.2.2-r0
2.3.0-r0
2.3.1-r0
2.3.2-r0
2.3.3-r0
2.3.4-r0
2.3.5-r0
2.3.6-r0
2.3.6-r1
2.3.7-r0
2.4.0-r0
2.4.1-r0
2.4.2-r0
2.4.2-r1
2.4.3-r0
2.4.4-r0
2.4.5-r0
2.4.6-r0
2.4.6-r1
2.5.0-r0
2.5.0-r1
2.5.1-r0
2.5.2-r0
2.5.3-r0
2.6.0-r0
2.6.0-r1
2.6.0-r2
2.6.0-r3
2.6.1-r0
2.6.1-r1
2.6.3-r0
2.6.4-r0
2.7.0-r0
2.7.1-r0
2.7.2-r0
2.7.3-r0
2.7.4-r0
2.8.0-r0
2.8.0-r1
2.8.1-r0
2.8.2-r0
2.8.3-r0
2.8.4-r0
2.9.0-r0
2.9.1-r0
2.9.2-r0
2.9.3-r0
2.10.0-r0
2.10.1-r0
2.10.2-r0
2.11.0-r0
2.11.1-r0
2.12.1-r0
2.12.2-r0
2.12.2-r1
2.13.0-r0
2.13.1-r0
2.13.2-r0
2.13.2-r1
2.13.3-r0
2.13.3-r1
2.13.4-r0
2.14.0-r0
2.14.0-r1
2.14.1-r0
2.14.1-r1
2.14.2-r0
2.14.3-r0
2.15.0-r0
2.15.0-r1
2.15.0-r2
2.15.1-r0
2.16.0-r0
2.16.1-r0
2.16.2-r0
2.16.3-r0
2.16.3-r1
2.17.0-r0
2.17.1-r0
2.18.0-r0
2.18.1-r0
Debian:11 / git
Package
- Name
- git
- Purl
- pkg:deb/debian/git?arch=source
Debian:12 / git
Package
- Name
- git
- Purl
- pkg:deb/debian/git?arch=source
Debian:13 / git
Package
- Name
- git
- Purl
- pkg:deb/debian/git?arch=source