8 matches found
CVE-2021-21300
Summary: CVE-2021-21300 affects Git when cloning into case-insensitive file systems and using certain clean/smudge filters (e.g., Git LFS). A specially crafted repository containing symbolic links and files processed by these filters can cause an unchecked script to run during checkout. Affected ...
CVE-2022-39260
Git Shell command-argument parsing bug (CVE-2022-39260) in pre-2.30.6…2.37.4 allows an attacker with SSH access to a Git shell login to overflow an int-based count when building the argv array, enabling arbitrary heap writes and potential remote code execution via execv(). Affected setups require...
CVE-2025-48384
Git vulnerability CVE-2025-48384 arises from Git’s handling of trailing CR characters in config and submodule paths, which can cause a submodule to checkout to an incorrect location and potentially execute a post-checkout hook if a symlink points to the hooks directory. The issue affects Git and ...
CVE-2024-32004
CVE-2024-32004 affects Git and enables arbitrary code execution during cloning when a local repository is crafted by an attacker. It targets pre-patch releases prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. Affected versions can execute code during the clone operation if the...
CVE-2019-1387
CVE-2019-1387 affects Git prior to the fix in 2.24.1, due to too-lax validation of submodule names during recursive clones. This could allow remote code execution when cloning a repository with submodules. Public advisories note the vulnerability and cite fixes in Git versions 2.24.1 and later; s...
CVE-2017-1000117
CVE-2017-1000117 is a command-injection vulnerability in Git caused by insufficient validation of ssh:// URL handling, enabling arbitrary code execution when a malicious URL is processed (e.g., via git clone --recurse-submodules or a crafted .gitmodules). The connected advisories confirm the issu...
CVE-2022-41953
CVE-2022-41953 affects Git GUI (Git for Windows). When cloning a repository with Git GUI, post-processing may run a spell checker binary named aspell.exe from the repository’s top-level directory due to Tcl on Windows searching the current directory first. If a malicious repo ships a crafted aspe...
CVE-2014-9938
CVE-2014-9938 is disclosed in multiple feeds as a vulnerability in Git where the git-prompt.sh script failed to sanitize branch names, enabling potential code execution via PS1 in affected Git versions. Connected documents corroborate this vulnerability as part of EulerOS advisories and Nessus/NV...