CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 0.001 Low
Percentile: 42.5%
A vulnerability in Git related to the handling of input data: a path outside the working tree can be overwritten by a user running "git apply". Exploiting the vulnerability could allow a remote attacker, when the affected command is run against a malicious or compromised repository, to overwrite arbitrary files on the system.

A vulnerability in Git related to the insecure handling of symbolic links when using the local clone optimization: Git aborts local clones whose source $GIT_DIR/objects directory contains symbolic links, but the objects directory itself may still be a symbolic link. Exploiting the vulnerability could allow a remote attacker to trick the victim into using the local clone optimization and exfiltrate arbitrary files from the victim's system.