CVE-2024-32004
Git vulnerable to Remote Code Execution while cloning special-crafted local repositories
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.
Git es un sistema de control de revisiones. Antes de las versiones 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2 y 2.39.4, un atacante puede preparar un repositorio local de tal manera que, cuando se clone, ejecute código arbitrario durante la operación. El problema se solucionó en las versiones 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2 y 2.39.4. Como workaround, evite clonar repositorios de fuentes que no sean de confianza.
A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-04-08 CVE Reserved
- 2024-05-14 CVE Published
- 2024-05-20 First Exploit
- 2024-06-27 EPSS Updated
- 2024-08-09 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-114: Process Control
CAPEC
References (10)
| URL | Date | SRC |
|---|---|---|
| https://github.com/Wadewfsssss/CVE-2024-32004 | 2024-05-20 | |
| https://github.com/10cks/CVE-2024-32004-POC | 2024-05-20 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-32004 | 2024-09-11 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2280428 | 2024-09-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Git Search vendor "Git" | Git Search vendor "Git" for product "Git" | 2.45.0 Search vendor "Git" for product "Git" and version "2.45.0" | en |
Affected
| ||||||
| Git Search vendor "Git" | Git Search vendor "Git" for product "Git" | 2.44.0 Search vendor "Git" for product "Git" and version "2.44.0" | en |
Affected
| ||||||
| Git Search vendor "Git" | Git Search vendor "Git" for product "Git" | >= 2.43.0 < 2.43.4 Search vendor "Git" for product "Git" and version " >= 2.43.0 < 2.43.4" | en |
Affected
| ||||||
| Git Search vendor "Git" | Git Search vendor "Git" for product "Git" | >= 2.42.0 < 2.42.2 Search vendor "Git" for product "Git" and version " >= 2.42.0 < 2.42.2" | en |
Affected
| ||||||
| Git Search vendor "Git" | Git Search vendor "Git" for product "Git" | 2.41.0 Search vendor "Git" for product "Git" and version "2.41.0" | en |
Affected
| ||||||
| Git Search vendor "Git" | Git Search vendor "Git" for product "Git" | >= 2.40.0 < 2.40.2 Search vendor "Git" for product "Git" and version " >= 2.40.0 < 2.40.2" | en |
Affected
| ||||||
| Git Search vendor "Git" | Git Search vendor "Git" for product "Git" | < 2.39.4 Search vendor "Git" for product "Git" and version " < 2.39.4" | en |
Affected
| ||||||