Description
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.
A flaw was found in the git fast-import command: its export-marks feature may unexpectedly overwrite arbitrary paths. An attacker who can control the input passed to the fast-import command can abuse the export-marks feature to overwrite arbitrary files, but would not have complete control over the content of the file.
Mitigation
Avoid running git fast-import on untrusted input.
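
One way to gate a stream before it reaches git fast-import, as an added example (not code from Git or from this advisory): a Python pre-filter that walks the stream, skips `data` payloads so their bytes are never read as commands, and reports every in-stream `feature export-marks=` command. The function name, the sample stream and the paths in it are constructed for illustration.

```python
import sys

FEATURE = b"feature export-marks="

def find_export_marks(stream):
    """Return [(byte_offset, path)] for every in-stream export-marks feature command."""
    hits, offset = [], 0
    while True:
        line = stream.readline()
        if not line:
            return hits
        start, offset = offset, offset + len(line)
        cmd = line.rstrip(b"\n")
        if cmd.startswith(b"data <<"):
            # Delimited form: payload runs until a line equal to the delimiter.
            delim = cmd[len(b"data <<"):]
            while True:
                body = stream.readline()
                if not body:
                    raise ValueError("unterminated delimited data block")
                offset += len(body)
                if body.rstrip(b"\n") == delim:
                    break
        elif cmd.startswith(b"data "):
            # Exact byte count form: skip the payload without interpreting it.
            count = int(cmd[5:])
            if count < 0 or len(stream.read(count)) != count:
                raise ValueError("bad or truncated data block")
            offset += count
        elif cmd.startswith(FEATURE):
            hits.append((start, cmd[len(FEATURE):]))

# Constructed sample: one real feature command, plus the same text hidden
# inside two blob payloads, which must not be reported.
_PAYLOAD = b"feature export-marks=/inside/a/blob\n"
SAMPLE = (
    b"feature export-marks=/tmp/constructed-example.marks\n"
    b"blob\nmark :1\n"
    + b"data %d\n" % len(_PAYLOAD) + _PAYLOAD
    + b"blob\nmark :2\ndata <<EOT\nfeature export-marks=/also/payload\nEOT\n"
)

if __name__ == "__main__":
    found = find_export_marks(sys.stdin.buffer)
    for off, path in found:
        print(f"byte {off}: export-marks -> {path.decode(errors='replace')}")
    sys.exit(1 if found else 0)  # non-zero exit: do not import this stream
```

Run as a script, it reads the stream on standard input and exits non-zero when a path-writing feature command is present, so it can sit in front of the import step in a pipeline.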
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | git | Out of support scope | | |
Red Hat Enterprise Linux 7 | git | Will not fix | | |
Red Hat Fuse 7 | camel-git | Not affected | | |
Red Hat JBoss Fuse 6 | camel-git | Not affected | | |
Red Hat Enterprise Linux 8 | git | Fixed | RHSA-2019:4356 | 19.12.2019 |
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | git | Fixed | RHSA-2020:0228 | 27.01.2020 |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-git218-git | Fixed | RHSA-2020:0002 | 02.01.2020 |
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | rh-git218-git | Fixed | RHSA-2020:0002 | 02.01.2020 |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | rh-git218-git | Fixed | RHSA-2020:0002 | 02.01.2020 |
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-git218-git | Fixed | RHSA-2020:0002 | 02.01.2020 |
Additional information
Status:
3.3 Low
CVSS3
Related vulnerabilities
A vulnerability in the --export-marks fast-import option of the Git distributed version control system that allows an attacker to cause a denial of service and affect data integrity
3.3 Low
CVSS3