Vulnerabilities > GIT SCM > GIT > 2.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-14 | CVE-2017-15298 | Resource Exhaustion vulnerability in multiple products Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. | 5.5 |
| 2017-10-05 | CVE-2017-1000117 | Open Redirect vulnerability in Git-Scm GIT A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. | 8.8 |
| 2017-09-29 | CVE-2017-14867 | OS Command Injection vulnerability in multiple products Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. | 8.8 |
| 2016-04-08 | CVE-2016-2324 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. | 9.8 |