14 matches found
CVE-2023-23946
Git is affected by CVE-2023-23946. Prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8, a crafted input to git apply can cause a path outside the working tree to be overwritten by the running user. A fix is prepared and will be released in the list...
CVE-2023-29007
Git CVE-2023-29007 affects multiple Git versions prior to 2.30.9–2.40.1. A bug in config.c (git_config_copy_or_rename_section_in_file) allows injection of arbitrary configuration via a long .gitmodules submodule URL, enabling execution of user-controlled executables when removing a submodule sect...
CVE-2023-25652
CVE-2023-25652 affects Git before 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1.** The vulnerability arises when feeding specially crafted input to git apply --reject, which can cause a path outside the working tree to be overwritten with partially con...
CVE-2022-24765
CVE-2022-24765 affects Git on multi-user systems where untrusted users can create a C:.git directory; Git would then read and apply configuration from that directory, potentially altering behavior outside the intended repository. The issue arises from Git not checking directory ownership when rea...
CVE-2020-11008
Technical details for CVE-2020-11008 are not present in the provided connected documents. The sources discuss related CVEs and general Git credential leakage vectors but do not specify affected versions, root cause, fixes, or exploitation status for this CVE. Monitor for updates.
CVE-2018-11235
CVE-2018-11235 affects Git prior to 2.17.1 (and also 2.13.7, 2.14.4, 2.15.2, 2.16.4, 2.17.1 as listed in advisories). A crafted .gitmodules file can cause directory traversal in submodule names, leading to a malicious project triggering a chain where submodule names are appended to $GIT_DIR/modul...
CVE-2024-32465
Git vulnerability CVE-2024-32465 affects local-cloning scenarios and can allow arbitrary code execution when cloning repositories from untrusted sources. Astra Linux documents indicate affected Git before 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, with patches in 2.45.1, 2.44.1, ...
CVE-2024-32021
CVE-2024-32021 affects Git prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. When cloning a local repository that contains symlinks over the filesystem, Git may create hardlinks to arbitrary user-readable files in the destination repo’s objects/ directory. Also, clonin...
CVE-2018-11233
CVE-2018-11233 affects Git on NTFS pathname sanity checking, causing potential out-of-bounds reads. Affected: Git versions before 2.13.7, and 2.14.x/2.15.x/2.16.x/2.17.x before the listed patch levels. Impact: potential information disclosure and/or memory access concerns; no explicit exploitatio...
CVE-2021-40330
CVE-2021-40330 affects the Git project: in git_connect_git (connect.c) of Git before 2.30.1, a repository path can contain a newline character, which may trigger unexpected cross-protocol requests as demonstrated by a crafted git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 sequence. The vulne...
CVE-2022-29187
CVE-2022-29187 – Git privilege escalation (details from connected docs): Affects Git on multi-user/local systems where the repository owner can influence commands via local repo configuration ownership checks. The root cause is failure to properly enforce ownership checks in local multi-user envi...
CVE-2022-24975
Technical details about CVE-2022-24975 are not publicly provided in the supplied documents. No vendor/product/version specifics or fixes are described here. Monitor for updates from official advisories.
CVE-2008-5516
CVE-2008-5516 affects Git-related web interface gitweb (1.5.x up to 1.5.5). The issue arises in the gitweb.cgi script’s handling of git_search input, where shell metacharacters are not properly sanitized, enabling an unauthenticated remote attacker to execute arbitrary commands on the server with...
CVE-2010-2542
Git: Privilege escalation vulnerability CVE-2010-2542 — stack-based buffer overflow in is_git_directory (setup.c) in Git up to 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file. Affected: Git before 1.7.2.1. Impact: local privilege escalation. Mitigation: upgra...