14 matches found
Exploit for Interpretation Conflict in Git-Scm Git
CVE-2025-48384 PoC This repository demons...
git: Git arbitrary code execution
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return CR are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...
git: Git arbitrary code execution
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return CR are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...
git: Git arbitrary code execution
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return CR are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...
git: Git arbitrary code execution
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return CR are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...
Improper Input Validation
git is vulnerable to improper input validation. The vulnerability is due to improper handling of carriage return CR characters in configuration and submodule paths, which allows an attacker to exploit the altered path and potentially trigger unintended execution of a submodule’s post-checkout hoo...
CVE-2025-48384 Git allows arbitrary code execution through broken config quoting
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...
CVE-2025-48384
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...
GitHub: CVE-2025-48384 Git Symlink Vulnerability
CVE-2025-48384 is regarding a vulnerability in Git where when reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a...
CLSA-2025-1737153672 git: Fix of CVE-2024-32002
CVE-2024-32002: fix submodule paths to not contain symlinks...
CLSA-2024-1727797025 Fix CVE(s): CVE-2024-32002
SECURITY UPDATE: Hardlink creation to arbitrary user-readable files - debian/patches/CVE-2024-32002.patch: submodule paths must not contain symlinks - CVE-2024-32002...
CLSA-2024-1718028901 git: Fix of CVE-2024-32002
CVE-2024-32002: fix submodule paths to not contain symlinks...
git: Remote code execution in recursive clones with nested submodules
A flaw was discovered where git improperly validates submodules' names used to construct git metadata paths and does not prevent them from being nested in existing directories used to store another submodule's metadata. A remote attacker could abuse this flaw to trick a victim user into cloning a...
USN-3791-1 git vulnerability
It was discovered that git did not properly validate git submodule urls or paths. A remote attacker could possibly use this to craft a git repository that causes arbitrary code execution when recursive operations are used...