Improper Input Validation in git

Do your applications use this vulnerable package? Test your applications

Overview

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.

References

ADVISORY
CONFIRM
CONFIRM
Debian Security Advisory
Debian Security Tracker
Fedora Security Update
Fedora Security Update
GENTOO
MISC
OSS security Advisory
SUSE
SUSE
Ubuntu CVE Tracker

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2019-19604
CWE: CWE-20
Snyk ID: SNYK-DEBIAN10-GIT-537145
Disclosed: 11 Dec, 2019
Published: 10 Dec, 2019

Improper Input Validation
Affecting git package, versions <1:2.20.1-2+deb10u1

Overview

References

CVSS Score

Improper Input Validation Affecting git package, versions <1:2.20.1-2+deb10u1

Overview

References

Improper Input Validation
Affecting git package, versions <1:2.20.1-2+deb10u1