View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-14867 severity important: SUSE including 169 source package names (git, git-1.7.12.4-0.18.6.1, …), 297 product×package rows across 52 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (52 product lines)): Fixed 202, Known Not Affected 95.
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.