GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/git-lfs/git-lfs(Go) | 0 | 2.1.1-0.20170519163204-f913f5f9c7c6 | N/A |
CVSS Metrics
