suse · CVE-2017-8386

Quick triage

Priority: medium Published: 2021-05-30 13:56:10 UTC Updated: 2026-04-17 16:10:41 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-8386 severity moderate: SUSE including 174 source package names (emacs-git-1.8.3.1-11.el7, emacs-git-el-1.8.3.1-11.el7, …), 226 product×package rows across 39 product lines (SUSE Liberty Linux 7, SUSE Linux Enterprise High Performance Computing 12 SP5, … (39 product lines)): Fixed 226.

Description:

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.

cvelogic Threat Intelligence