CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 5.1 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS: 0.903 High
Percentile: 98.8%

Git is an open-source distributed revision control system. In affected
versions of Git, a specially crafted repository that contains symbolic links
as well as files using a clean/smudge filter such as Git LFS may cause a
just-checked-out script to be executed while cloning onto a
case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default
file systems on Windows and macOS). Note that clean/smudge filters have to
be configured for that. Git for Windows configures Git LFS by default, and
is therefore vulnerable. The problem has been patched in the versions
published on Tuesday, March 9th, 2021. As a workaround, if symbolic link
support is disabled in Git (e.g. via git config --global core.symlinks false),
the described attack won't work. Likewise, if no clean/smudge
filters such as Git LFS are configured globally (i.e. before cloning),
the attack is foiled. As always, it is best to avoid cloning repositories
from untrusted sources. The earliest impacted version is 2.14.2. The fix
versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4,
2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.6.
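
An added example, not part of the advisory or of the Git project: a POSIX shell check that classifies a Git version against the fix list above and then applies the two workarounds the text describes. The function names version_status and exposure are hypothetical, the sample input is constructed, and treating release lines after 2.30 as patched is an assumption.

```shell
#!/bin/sh
# Fix release per 2.x line as "minor:patch", copied from the advisory text above.
FIXES="30:1 29:3 28:1 27:1 26:3 25:5 24:4 23:4 22:5 21:4 20:5 19:6 18:5 17:6"

# version_status X.Y.Z[suffix] -> unaffected | vulnerable | patched | unknown
version_status() {
    case $1 in [0-9]*.[0-9]*) ;; *) echo unknown; return ;; esac
    v=${1%%[!0-9.]*}                      # drop suffixes such as "windows.1"
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    n=$((major * 10000 + minor * 100 + patch))
    [ "$n" -lt 21402 ] && { echo unaffected; return; }   # before 2.14.2
    # Assumption: release lines after 2.30 already contain the fix.
    [ "$n" -ge 23100 ] && { echo patched; return; }
    for f in $FIXES; do
        if [ "${f%%:*}" -eq "$minor" ]; then
            [ "$patch" -ge "${f##*:}" ] && echo patched || echo vulnerable
            return
        fi
    done
    echo vulnerable                       # 2.14.2 to 2.16.x: no fix release listed
}

# exposure STATUS SYMLINKS FILTERS -> patched | unaffected | mitigated: ... | exposed
# Real inputs, gathered outside any repository:
#   STATUS    version_status "$(git --version | cut -d' ' -f3)"
#   SYMLINKS  git config --global --get core.symlinks
#   FILTERS   git config --get-regexp '^filter\..*\.(clean|smudge|process)$'
exposure() {
    case $1 in patched|unaffected) echo "$1"; return ;; esac
    case $2 in false|no|off|0)
        echo "mitigated: core.symlinks is disabled"; return ;;
    esac
    [ -z "$3" ] && { echo "mitigated: no clean/smudge filter configured globally"; return; }
    echo exposed                          # unknown versions are treated as exposed
}

# Constructed sample: a Git for Windows style version with a Git LFS smudge filter.
sample_filters='filter.lfs.smudge git-lfs smudge -- %f'
status=$(version_status 2.30.0.windows.1)
echo "2.30.0.windows.1: $status, $(exposure "$status" "" "$sample_filters")"
```

The fix list is the one printed in this advisory; confirm it against your distribution's release notes before relying on a "patched" result.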