Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-19604

Опубликовано: 11 дек. 2019
Источник: debian
EPSS Низкий

Описание

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
gitfixed1:2.24.0-2package
gitfixed1:2.20.1-2+deb10u1busterpackage
gitnot-affectedstretchpackage
gitnot-affectedjessiepackage

Примечания

  • https://git.kernel.org/pub/scm/git/git.git/commit/?id=e904deb89d9a9669a76a426182506a084d3f6308

  • https://git.kernel.org/pub/scm/git/git.git/commit/?id=bb92255ebe6bccd76227e023d6d0bc997e318ad0

  • https://git.kernel.org/pub/scm/git/git.git/commit/?id=c1547450748fcbac21675f2681506d2d80351a19

  • Upstream did backport fixes for CVE-2019-19604 to older versions as the introducing

  • version for sake of robustness/hardening. In particular, the server-side protection

  • provided by the fsck is useful for protecting unpatched clients that are affected

  • by the bug.

  • https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md

  • https://www.openwall.com/lists/oss-security/2019/12/13/1

EPSS

Процентиль: 80%
0.01339
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-19604

CVSS3: 7.8
ubuntu
около 6 лет назад

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.

redhat логотип

CVE-2019-19604

CVSS3: 7.8
redhat
около 6 лет назад

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.

nvd логотип

CVE-2019-19604

CVSS3: 7.8
nvd
около 6 лет назад

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.

github логотип

GHSA-4vp4-vvrc-wvhx

CVSS3: 7.8
github
больше 3 лет назад

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.

fstec логотип

BDU:2020-01458

CVSS3: 8.8
fstec
около 6 лет назад

Уязвимость системы управления версиями GIT, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 80%
0.01339
Низкий