CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 5.1 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P

git is vulnerable to Remote Code Execution (RCE). Cloning a specially crafted repository that contains symbolic links and uses a clean/smudge filter such as Git LFS onto a case-insensitive file system may cause just-checked-out scripts to be executed.

packetstormsecurity.com/files/163978/Git-LFS-Clone-Command-Execution.html
seclists.org/fulldisclosure/2021/Apr/60
www.openwall.com/lists/oss-security/2021/03/09/3
git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks
git-scm.com/docs/gitattributes#_filter
github.com/git/git/commit/684dd4c2b414bcf648505e74498a608f28de4592
github.com/git/git/security/advisories/GHSA-8prw-h3cq-mghm
lists.fedoraproject.org/archives/list/[email protected]/message/BBPNGLQSYJHLZZ37BO42YY6S5OTIF4L4/
lists.fedoraproject.org/archives/list/[email protected]/message/LCLJJLKKMS5WRFO6C475AOUZTWQLIARX/
lists.fedoraproject.org/archives/list/[email protected]/message/LMXX2POK5X576BSDWSXGU7EIK6I72ERU/
lore.kernel.org/git/[email protected]/
secdb.alpinelinux.org/v3.10/main.yaml
secdb.alpinelinux.org/v3.11/main.yaml
secdb.alpinelinux.org/v3.12/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
security.gentoo.org/glsa/202104-01
support.apple.com/kb/HT212320