Is CVE-2018-19486 actively exploited?

CVE-2018-19486 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2018-19486?

CVE-2018-19486 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2018-19486?

Patch guidance is available from git-scm security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2018-19486.

Fix CVE-2018-19486 - CRITICAL git-scm git

Q: Which products are affected by CVE-2018-19486?

3 products: git-scm git, canonical ubuntu linux, canonical ubuntu linux.

Description

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.

CVSS Metrics

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-426

Metadata

Primary Vendor: GIT-SCM
Published: 11/23/2018
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2018-19486

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary