6 matches found
CVE-2018-17456
CVE-2018-17456 is a remote code execution in Git triggered when processing a recursive clone of a superproject if a .gitmodules URL starts with a dash. Affected Git versions include 2.14.5 and later 2.15.x/2.16.x/2.17.x/2.18.x/2.19.x before the fixed releases listed (e.g., 2.14.5 and subsequent u...
CVE-2018-11235
CVE-2018-11235 affects Git prior to 2.17.1 (and also 2.13.7, 2.14.4, 2.15.2, 2.16.4, 2.17.1 as listed in advisories). A crafted .gitmodules file can cause directory traversal in submodule names, leading to a malicious project triggering a chain where submodule names are appended to $GIT_DIR/modul...
CVE-2019-1387
CVE-2019-1387 affects Git prior to the fix in 2.24.1, due to too-lax validation of submodule names during recursive clones. This could allow remote code execution when cloning a repository with submodules. Public advisories note the vulnerability and cite fixes in Git versions 2.24.1 and later; s...
CVE-2018-11233
CVE-2018-11233 affects Git on NTFS pathname sanity checking, causing potential out-of-bounds reads. Affected: Git versions before 2.13.7, and 2.14.x/2.15.x/2.16.x/2.17.x before the listed patch levels. Impact: potential information disclosure and/or memory access concerns; no explicit exploitatio...
CVE-2019-1348
CVE-2019-1348 affects Git prior to 2.24.1 (including 2.23.1, 2.22.2, 2.21.1, etc.). The root cause is that the --export-marks feature of git fast-import is exposed through the in-stream command export-marks=... mechanism, which can overwrite arbitrary paths. This creates a local-attack surface wh...
CVE-2019-1353
CVE-2019-1353 concerns Git behavior under Windows Subsystem for Linux (WSL) when accessing a Windows NTFS working directory, where NTFS protections were not active. Connected documents link a related issue in libgit2 (NTFS filename handling) that can enable remote code execution during repository...