20 matches found

CVE
added 2022/10/19 12:00 a.m. | 750 views

CVE-2022-39253

CVE-2022-39253 affects Git versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, exposing sensitive data via local clones where source and target are on the same volume. The vulnerability arises when cloning a repository l...

5.5 CVSS | 6.5 AI score | 0.01336 EPSS

CVE
added 2023/02/14 7:48 p.m. | 639 views

CVE-2023-23946

Git is affected by CVE-2023-23946. Prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8, a crafted input to git apply can cause a path outside the working tree to be overwritten by the running user. A fix is prepared and will be released in the list...

7.5 CVSS | 6.8 AI score | 0.01144 EPSS

CVE
added 2023/04/25 8:09 p.m. | 638 views

CVE-2023-29007

Git CVE-2023-29007 affects multiple Git versions prior to 2.30.9–2.40.1. A bug in config.c (git_config_copy_or_rename_section_in_file) allows injection of arbitrary configuration via a long .gitmodules submodule URL, enabling execution of user-controlled executables when removing a submodule sect...

7.8 CVSS | 7.8 AI score | 0.06079 EPSS

CVE
added 2022/10/19 12:00 a.m. | 594 views

CVE-2022-39260

Git Shell command-argument parsing bug (CVE-2022-39260) in pre-2.30.6…2.37.4 allows an attacker with SSH access to a Git shell login to overflow an int-based count when building the argv array, enabling arbitrary heap writes and potential remote code execution via execv(). Affected setups require...

8.8 CVSS | 9.2 AI score | 0.02938 EPSS

CVE
added 2023/04/25 7:17 p.m. | 567 views

CVE-2023-25652

CVE-2023-25652 affects Git before 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. The vulnerability arises when feeding specially crafted input to git apply --reject, which can cause a path outside the working tree to be overwritten with partially con...

7.5 CVSS | 7.7 AI score | 0.52164 EPSS

CVE
added 2023/02/14 7:47 p.m. | 562 views

CVE-2023-22490

Git prior to 2.39.4–2.39.4 etc. versions 2.30.8–2.39.2 (and 2.31.7, 2.32.6, 2.33.7, 2.34.7, 2.35.7, 2.36.5, 2.37.6, 2.38.4, 2.39.2) can be tricked via local clone optimization when cloning from a non-local transport, allowing potential data exfiltration through manipulating the $GIT_DIR/objects p...

5.5 CVSS | 7 AI score | 0.0071 EPSS

CVE
added 2022/04/12 12:00 a.m. | 513 views

CVE-2022-24765

CVE-2022-24765 affects Git on multi-user systems where untrusted users can create a C:\.git directory; Git would then read and apply configuration from that directory, potentially altering behavior outside the intended repository. The issue arises from Git not checking directory ownership when rea...

7.8 CVSS | 7 AI score | 0.00782 EPSS

CVE
added 2020/04/21 6:40 p.m. | 460 views

CVE-2020-11008

Technical details for CVE-2020-11008 are not present in the provided connected documents. The sources discuss related CVEs and general Git credential leakage vectors but do not specify affected versions, root cause, fixes, or exploitation status for this CVE. Monitor for updates.

7.5 CVSS | 6.5 AI score | 0.03899 EPSS

CVE
added 2024/05/14 6:46 p.m. | 436 views

CVE-2024-32004

CVE-2024-32004 affects Git and enables arbitrary code execution during cloning when a local repository is crafted by an attacker. It targets pre-patch releases prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. Affected versions can execute code during the clone operation if the...

8.1 CVSS | 7.6 AI score | 0.01271 EPSS

CVE
added 2019/12/10 11:33 p.m. | 405 views

CVE-2019-19604

Git before 2.24.1 is vulnerable to arbitrary command execution via recursive submodule updates because a malicious .gitmodules can cause commands to be run. Affected ranges include 2.20.2, 2.21.x, 2.22.x, 2.23.x, and 2.24.x prior to 2.24.1. Remediation: upgrade to Git 2.24.1 or later (UPC/ALAS re...

9.3 CVSS | 8.7 AI score | 0.0366 EPSS

CVE
added 2025/07/08 6:23 p.m. | 394 views

CVE-2025-48384

Git vulnerability CVE-2025-48384 arises from Git’s handling of trailing CR characters in config and submodule paths, which can cause a submodule to checkout to an incorrect location and potentially execute a post-checkout hook if a symlink points to the hooks directory. The issue affects Git and ...

8 CVSS | 6.4 AI score | 0.02775 EPSS
In wild | Web

CVE
added 2024/05/14 7:18 p.m. | 390 views

CVE-2024-32465

Git vulnerability CVE-2024-32465 affects local-cloning scenarios and can allow arbitrary code execution when cloning repositories from untrusted sources. Astra Linux documents indicate affected Git before 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, with patches in 2.45.1, 2.44.1, ...

7.8 CVSS | 6.2 AI score | 0.00909 EPSS

CVE
added 2024/05/14 6:54 p.m. | 335 views

CVE-2024-32020

CVE-2024-32020 concerns Git’s local clone optimization on the same disk, where source and target repositories owned by different users may result in hardlinked files in the target’s object database that can be rewritten by an untrusted user. Affected Git versions prior to 2.45.1, 2.44.1, 2.43.4, ...

3.9 CVSS | 5.9 AI score | 0.00519 EPSS

CVE
added 2024/05/14 7:15 p.m. | 333 views

CVE-2024-32021

CVE-2024-32021 affects Git prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. When cloning a local repository that contains symlinks over the filesystem, Git may create hardlinks to arbitrary user-readable files in the destination repo’s objects/ directory. Also, clonin...

7.1 CVSS | 7 AI score | 0.00956 EPSS

CVE
added 2021/08/31 12:00 a.m. | 262 views

CVE-2021-40330

CVE-2021-40330 affects the Git project: in git_connect_git (connect.c) of Git before 2.30.1, a repository path can contain a newline character, which may trigger unexpected cross-protocol requests as demonstrated by a crafted git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 sequence. The vulne...

7.5 CVSS | 7.3 AI score | 0.02976 EPSS

CVE
added 2020/02/12 1:58 a.m. | 204 views

CVE-2014-9390

CVE-2014-9390 describes a remote command-execution risk in Git and several VCS clients when interacting with repositories on case-insensitive filesystems. A crafted .git/config in a tree can trigger arbitrary commands on the server/client, depending on the tool. Affected versions (per provided so...

9.8 CVSS | 9.1 AI score | 0.63178 EPSS

CVE
added 2023/01/17 9:03 p.m. | 159 views

CVE-2022-41953

CVE-2022-41953 affects Git GUI (Git for Windows). When cloning a repository with Git GUI, post-processing may run a spell checker binary named aspell.exe from the repository’s top-level directory due to Tcl on Windows searching the current directory first. If a malicious repo ships a crafted aspe...

8.6 CVSS | 7.6 AI score | 0.06796 EPSS

CVE
added 2017/03/20 12:00 a.m. | 154 views

CVE-2014-9938

CVE-2014-9938 is disclosed in multiple feeds as a vulnerability in Git where the git-prompt.sh script failed to sanitize branch names, enabling potential code execution via PS1 in affected Git versions. Connected documents corroborate this vulnerability as part of EulerOS advisories and Nessus/NV...

8.8 CVSS | 8.5 AI score | 0.0232 EPSS

CVE
added 2018/11/23 8:00 a.m. | 150 views

CVE-2018-19486

CVE-2018-19486: Git before 2.19.2 on Linux/UNIX executes commands from the current working directory in certain cases involving the run_command() API and run-command.c, caused by a change from execvp to execv in 2017. The vulnerability can allow commands to be executed from the current directory...

9.8 CVSS | 9.2 AI score | 0.0412 EPSS

CVE
added 2010/08/11 6:00 p.m. | 84 views

CVE-2010-2542

Git: Privilege escalation vulnerability CVE-2010-2542 — stack-based buffer overflow in is_git_directory (setup.c) in Git up to 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file. Affected: Git before 1.7.2.1. Impact: local privilege escalation. Mitigation: upgra...

7.5 CVSS | 6.6 AI score | 0.02507 EPSS