CVE-2017-1000214
high-risk
Published 2017-11-27
GitPHP by xiphux is vulnerable to OS Command Injections
Do I need to act?
7.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Fix available
Upgrade to: 160621785ee812d6d90e20878bd6175e42c13c94
CVSS 9.8/10
Critical
NETWORK / LOW complexity
Affected Products (15)
Gitphp
Affected Vendors
References (4)
Third Party Advisory
https://github.com/Enalean/gitphp/commit/160621785ee812d6d90e20878bd6175e42c13c9...
Broken Link
https://github.com/xiphux/gitphp/pull/37
59 / 100
high-risk
Severity
32/34 · Critical
Exploitability
9/34 · Low
Exposure
18/34 · Moderate