Количество 15
Количество 15
CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
CVE-2024-32002
GitHub: CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...
BDU:2024-03872
Уязвимость распределенной системы контроля версий Git, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю выполнить произвольный код
ROS-20240529-03
Уязвимость git
SUSE-SU-2024:2277-1
Security update for git
SUSE-SU-2024:1854-1
Security update for git
SUSE-SU-2024:1807-1
Security update for git
RLSA-2024:4084
Important: git security update
RLSA-2024:4083
Important: git security update
ELSA-2024-4084
ELSA-2024-4084: git security update (IMPORTANT)
ELSA-2024-4083
ELSA-2024-4083: git security update (IMPORTANT)
SUSE-SU-2025:0197-1
Security update for git
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-32002 Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources. | CVSS3: 9 | 73% Высокий | около 1 года назад |
 | CVE-2024-32002 Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources. | CVSS3: 9 | 73% Высокий | около 1 года назад |
 | CVE-2024-32002 Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources. | CVSS3: 9 | 73% Высокий | около 1 года назад |
 | CVE-2024-32002 GitHub: CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution | CVSS3: 9 | 73% Высокий | около 1 года назад |
| CVE-2024-32002 Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ... | CVSS3: 9 | 73% Высокий | около 1 года назад |
 | BDU:2024-03872 Уязвимость распределенной системы контроля версий Git, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю выполнить произвольный код | CVSS3: 9 | 73% Высокий | около 1 года назад |
 | ROS-20240529-03 Уязвимость git | CVSS2: 7.6 | 73% Высокий | около 1 года назад |
 | SUSE-SU-2024:2277-1 Security update for git | 12 месяцев назад | ||
| SUSE-SU-2024:1854-1 Security update for git | около 1 года назад | ||
| SUSE-SU-2024:1807-1 Security update for git | около 1 года назад | ||
 | RLSA-2024:4084 Important: git security update | 12 месяцев назад | ||
| RLSA-2024:4083 Important: git security update | 12 месяцев назад | ||
| ELSA-2024-4084 ELSA-2024-4084: git security update (IMPORTANT) | 12 месяцев назад | ||
| ELSA-2024-4083 ELSA-2024-4083: git security update (IMPORTANT) | 12 месяцев назад | ||
| SUSE-SU-2025:0197-1 Security update for git | 5 месяцев назад |
Уязвимостей на страницу