Uploaded image for project: 'Bamboo'
  1. Bamboo
  2. BAM-21284

Git LFS on Windows vulnerable to remote code execution (CVE-2020-27955)

    XMLWordPrintable

    Details

    • CVSS Score:
      9.1
    • CVSS Severity:
      Critical

      Description

      A remote code exeecution vulnerability was recently discovered in Git LFS:

      https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html

      Vulnerable git clients that clone a malicious repository are vulnerable to remote code execution.

      Please determine if Bamboo is vulnerable. If it is definitively determined not to be affected, please close this as a false positive. If it is vulnerable, please work on remediating the issue.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: