Git LFS (git-lfs) – Remote Code Execution (RCE) exploit CVE-2020-27955 – Clone to Pwn

Posted by Dawid Golunski on Nov 05

/*
Go PoC exploit for git-lfs – Remote Code Execution (RCE)
vulnerability CVE-2020-27955
git-lfs-RCE-exploit-CVE-2020-27955.go

Discovered by Dawid Golunski
https://legalhackers.com
https://exploitbox.io

Affected (RCE exploit):
Git / GitHub CLI / GitHub Desktop / Visual Studio / GitKraken /
SmartGit / SourceTree etc.
Basically the whole Windows dev world which uses git.

Usage:
Compile: go build…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source