5 matches found
CVE-2020-5260
CVE-2020-5260 affects Git by newline-injection in the credential helper protocol, enabling a crafted URL to exfiltrate credentials from one host to another. Affected Git releases were patched in April 2020; fixes are in 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26....
CVE-2020-11008
Technical details for CVE-2020-11008 are not present in the provided connected documents. The sources discuss related CVEs and general Git credential leakage vectors but do not specify affected versions, root cause, fixes, or exploitation status for this CVE. Monitor for updates.
CVE-2019-1348
CVE-2019-1348 affects Git prior to 2.24.1 (including 2.23.1, 2.22.2, 2.21.1, etc.). The root cause is that the --export-marks feature of git fast-import is exposed through the in-stream command export-marks=... mechanism, which can overwrite arbitrary paths. This creates a local-attack surface wh...
CVE-2019-1353
CVE-2019-1353 concerns Git behavior under Windows Subsystem for Linux (WSL) when accessing a Windows NTFS working directory, where NTFS protections were not active. Connected documents link a related issue in libgit2 (NTFS filename handling) that can enable remote code execution during repository...
CVE-2014-9390
CVE-2014-9390 describes a remote command-execution risk in Git and several VCS clients when interacting with repositories on case-insensitive filesystems. A crafted .git/config in a tree can trigger arbitrary commands on the server/client, depending on the tool. Affected versions (per provided so...