CVSS: 3.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-50349 – Git does not sanitize URLs when asking for credentials interactively
https://notcve.org/view.php?id=CVE-2024-50349
14 Jan 2025 — Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for which the user is expected to provide a username and/or a password. At this stage, any URL-encoded parts have been decoded already, and are printed verbatim. This allows attackers to craft URLs that contain ANSI escap... • https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 • CWE-116: Improper Encoding or Escaping of Output CWE-147: Improper Neutralization of Input Terminators CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2024-52006 – Newline confusion in credential helpers can lead to credential exfiltration in git
https://notcve.org/view.php?id=CVE-2024-52006
14 Jan 2025 — Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems (most notably, .NET and node.js) interpret single Carriage Return characters as newlines, which renders the protections against CVE-2020-5260 incomplete for credential helpers that treat Carriage Returns in this way. T... • https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g • CWE-116: Improper Encoding or Escaping of Output CWE-147: Improper Neutralization of Input Terminators CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 57CVE-2024-32002 – Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-32002
14 May 2024 — Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.4... • https://github.com/amalmurali47/git_rce • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 3CVE-2023-29007 – Arbitrary configuration injection via `git submodule deinit`
https://notcve.org/view.php?id=CVE-2023-29007
25 Apr 2023 — Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attack... • https://github.com/ethiack/CVE-2023-29007 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2023-25652 – "git apply --reject" partially-controlled arbitrary file write
https://notcve.org/view.php?id=CVE-2023-25652
25 Apr 2023 — Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git app... • http://www.openwall.com/lists/oss-security/2023/04/25/2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2023-23946 – Git's `git apply` overwriting paths outside the working tree
https://notcve.org/view.php?id=CVE-2023-23946
14 Feb 2023 — Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying;... • https://github.com/bruno-1337/CVE-2023-23946-POC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2023-22490 – Git vulnerable to local clone-based data exfiltration with non-local transports
https://notcve.org/view.php?id=CVE-2023-22490
14 Feb 2023 — Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on t... • https://github.com/smash8tap/CVE-2023-22490_PoC • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 10.0EPSS: 2%CPEs: 10EXPL: 0CVE-2022-23521 – gitattributes parsing integer overflow in git
https://notcve.org/view.php?id=CVE-2022-23521
17 Jan 2023 — Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are hu... • https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 1CVE-2022-41903 – Integer overflow in `git archive`, `git log --format` leading to RCE in git
https://notcve.org/view.php?id=CVE-2022-41903
17 Jan 2023 — Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commi... • https://github.com/sondermc/git-cveissues • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41953 – Git clone remote code execution vulnerability in git-for-windows
https://notcve.org/view.php?id=CVE-2022-41953
17 Jan 2023 — Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things running a spell checker called `aspell.exe` if it was found. Git GUI is implemented as a Tcl/Tk script. • https://github.com/git-for-windows/git/commit/7360767e8dfc1895a932324079f7d45d7791d39f • CWE-426: Untrusted Search Path •