SmartGit git-lfs RCE Exploit CVE-2020-27955




=============================================
- Discovered by: Dawid Golunski (@dawid_golunski)
- dawid[at]legalhackers.com
- https://legalhackers.com
- https://exploitbox.io

- CVE-2020-27955
- Release date: 04.11.2020
- Revision 1.0
- Severity: Critical
=============================================


VULNERABILITY
-------------------------

SmartGit Remote Code Execution (RCE) CVE-2020-27955 (git-lfs)


BACKGROUND
-------------------------

Get your commit done.
SmartGit is a graphical Git client with support for GitHub, Bitbucket and GitLab. SmartGit runs on Windows, macOS and Linux. 

https://www.syntevo.com/smartgit/


Video PoC
-------------------------




Advisories
-------------------------
Git RCE Expoit CVE-2020-27955 
Git-LFS RCE exploit CVE-2020-27955 



Exploits / PoC repos
-------------------------

Git / git-lfs - RCE exploit CVE-2020-27955 - GO version

GitHub - PoC repo - Git / git-lfs - RCE exploit CVE-2020-27955 - BAT/powershell version

GitHub - PoC repo - Git / git-lfs - RCE exploit CVE-2020-27955 - Go version