An issue exists in libgit2 prior to 0.28.4 and 0.9x prior to 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libgit2 libgit2 |
||
debian debian linux 9.0 |