Description
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
An improper input validation flaw was discovered in git in the way it handles git submodules. A remote attacker could abuse this flaw to trick a victim user into recursively cloning a malicious repository, which, under certain circumstances, could fool git into using the same git directory twice and potentially cause remote code execution.
Mitigation
Avoid running git clone --recurse-submodules and git submodule update with untrusted repositories.
Affected packages
Platform | Package | State | Advisory | Release date |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | git | Not affected | | |
Red Hat Enterprise Linux 7 | git | Will not fix | | |
Red Hat Fuse 7 | camel-git | Not affected | | |
Red Hat JBoss Fuse 6 | camel-git | Not affected | | |
Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Not affected | | |
Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Not affected | | |
Red Hat Enterprise Linux 8 | git | Fixed | RHSA-2019:4356 | 19.12.2019 |
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | git | Fixed | RHSA-2020:0228 | 27.01.2020 |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-git218-git | Fixed | RHSA-2020:0002 | 02.01.2020 |
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | rh-git218-git | Fixed | RHSA-2020:0002 | 02.01.2020 |
Additional information
Status:
EPSS
CVSS3: 7.5 High