Arbitrary command execution is possible in Git prior to 2.20.2, 2.21.x prior to 2.21.1, 2.22.x prior to 2.22.2, 2.23.x prior to 2.23.1, and 2.24.x prior to 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
git-scm git |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
fedoraproject fedora 30 |
||
fedoraproject fedora 31 |
||
opensuse leap 15.1 |