CVE-2019-19604

Published: 11/12/2019 Updated: 07/11/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Arbitrary command execution is possible in Git prior to 2.20.2, 2.21.x prior to 2.21.1, 2.22.x prior to 2.22.2, 2.23.x prior to 2.23.1, and 2.24.x prior to 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.

Vulnerable Product

git-scm git

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 30

fedoraproject fedora 31

opensuse leap 15.1

Vendor Advisories

Several security issues were fixed in Git ...
Several vulnerabilities have been discovered in git, a fast, scalable, distributed revision control system. CVE-2019-1348: It was reported that the --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=, allowing to overwrite arbitrary paths. CVE-2019-1387: It was discovered that s ...
A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwrite arbitrary files, but would not have complete control on the conten ...
Git mistakes some paths for relative paths allowing writing outside of the worktree while cloning (CVE-2019-1351); NTFS protections inactive when running Git in the Windows Subsystem for Linux (CVE-2019-1353); remote code execution in recursive clones with nested submodules (CVE-2019-1387); Arbitrary path overwriting via export-marks command option (C ...
Severity Unknown Remote Unknown Type Unknown Description AVG-1073 git 2240-1 2241-1 High Testing ...

Mailing Lists

oss-sec mailing list archives: Multiple vulnerabilities fixed in Git. From: Johannes Schindelin <Joh ...