CVSS: 7.8EPSS: 1%CPEs: 14EXPL: 3CVE-2023-29007 – Arbitrary configuration injection via `git submodule deinit`
https://notcve.org/view.php?id=CVE-2023-29007
25 Apr 2023 — Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attack... • https://github.com/ethiack/CVE-2023-29007 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 9%CPEs: 13EXPL: 0CVE-2023-25652 – "git apply --reject" partially-controlled arbitrary file write
https://notcve.org/view.php?id=CVE-2023-25652
25 Apr 2023 — Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git app... • http://www.openwall.com/lists/oss-security/2023/04/25/2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2023-23946 – Git's `git apply` overwriting paths outside the working tree
https://notcve.org/view.php?id=CVE-2023-23946
14 Feb 2023 — Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying;... • https://github.com/bruno-1337/CVE-2023-23946-POC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2023-22490 – Git vulnerable to local clone-based data exfiltration with non-local transports
https://notcve.org/view.php?id=CVE-2023-22490
14 Feb 2023 — Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on t... • https://github.com/smash8tap/CVE-2023-22490_PoC • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 10.0EPSS: 10%CPEs: 10EXPL: 0CVE-2022-23521 – gitattributes parsing integer overflow in git
https://notcve.org/view.php?id=CVE-2022-23521
17 Jan 2023 — Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are hu... • https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 18%CPEs: 10EXPL: 1CVE-2022-41903 – Integer overflow in `git archive`, `git log --format` leading to RCE in git
https://notcve.org/view.php?id=CVE-2022-41903
17 Jan 2023 — Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commi... • https://github.com/sondermc/git-cveissues • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41953 – Git clone remote code execution vulnerability in git-for-windows
https://notcve.org/view.php?id=CVE-2022-41953
17 Jan 2023 — Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things running a spell checker called `aspell.exe` if it was found. Git GUI is implemented as a Tcl/Tk script. • https://github.com/git-for-windows/git/commit/7360767e8dfc1895a932324079f7d45d7791d39f • CWE-426: Untrusted Search Path •
CVSS: 5.5EPSS: 2%CPEs: 14EXPL: 2CVE-2022-39253 – Git subject to exposure of sensitive information via local clone of symbolic links
https://notcve.org/view.php?id=CVE-2022-39253
18 Oct 2022 — Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via... • https://github.com/ssst0n3/docker-cve-2022-39253-poc • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 14EXPL: 0CVE-2022-39260 – Git vulnerable to Remote Code Execution via Heap overflow in `git shell`
https://notcve.org/view.php?id=CVE-2022-39260
18 Oct 2022 — Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Beca... • http://seclists.org/fulldisclosure/2022/Nov/1 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-29187 – Bypass of safe.directory protections in Git
https://notcve.org/view.php?id=CVE-2022-29187
12 Jul 2022 — Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch fo... • http://seclists.org/fulldisclosure/2022/Nov/1 • CWE-282: Improper Ownership Management CWE-427: Uncontrolled Search Path Element •