Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-32002

Опубликовано: 14 мая 2024
Источник: nvd
CVSS3: 9
EPSS Высокий

Описание

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via git config --global core.symlinks false), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:git:git:*:*:*:*:*:*:*:*
Версия до 2.39.4 (исключая)
cpe:2.3:a:git:git:*:*:*:*:*:*:*:*
Версия от 2.40.0 (включая) до 2.40.2 (исключая)
cpe:2.3:a:git:git:*:*:*:*:*:*:*:*
Версия от 2.42.0 (включая) до 2.42.2 (исключая)
cpe:2.3:a:git:git:*:*:*:*:*:*:*:*
Версия от 2.43.0 (включая) до 2.43.4 (исключая)
cpe:2.3:a:git:git:2.41.0:*:*:*:*:*:*:*
cpe:2.3:a:git:git:2.44.0:*:*:*:*:*:*:*
cpe:2.3:a:git:git:2.45.0:*:*:*:*:*:*:*

EPSS

Процентиль: 99%
0.73193
Высокий

9 Critical

CVSS3

Дефекты

CWE-22
CWE-59

Связанные уязвимости

ubuntu логотип

CVE-2024-32002

CVSS3: 9
ubuntu
около 1 года назад

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

redhat логотип

CVE-2024-32002

CVSS3: 9
redhat
около 1 года назад

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

msrc логотип

CVE-2024-32002

CVSS3: 9
msrc
около 1 года назад

GitHub: CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution

debian логотип

CVE-2024-32002

CVSS3: 9
debian
около 1 года назад

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...

fstec логотип

BDU:2024-03872

CVSS3: 9
fstec
около 1 года назад

Уязвимость распределенной системы контроля версий Git, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 99%
0.73193
Высокий

9 Critical

CVSS3

Дефекты

CWE-22
CWE-59