CVE-2019-1348
published 2020-01-24CVE-2019-1348: An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks…
low3.3CVSS 3.1
AVLACLPRLUINSUCNILAN
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | xcode | — | — |
| debian | git | < git 1:2.24.0-2 (bookworm) | git 1:2.24.0-2 (bookworm) |
| git-scm | git | >= 2.14.0 < 2.14.6 | 2.14.6 |
| git-scm | git | >= 2.15.0 < 2.15.4 | 2.15.4 |
| git-scm | git | >= 2.16.0 < 2.16.6 | 2.16.6 |
| git-scm | git | >= 2.17.0 < 2.17.3 | 2.17.3 |
| git-scm | git | >= 2.18.0 < 2.18.2 | 2.18.2 |
| git-scm | git | >= 2.19.0 < 2.19.3 | 2.19.3 |
| git-scm | git | >= 2.20.0 < 2.20.2 | 2.20.2 |
| git-scm | git | >= 2.21.0 < 2.21.1 | 2.21.1 |
| git-scm | git | >= 2.22.0 < 2.22.2 | 2.22.2 |
| git-scm | git | >= 2.23.0 < 2.23.1 | 2.23.1 |
| git-scm | git | >= 2.24.0 < 2.24.1 | 2.24.1 |
| git | git | >= 0 < 1:2.24.0-2 | 1:2.24.0-2 |
| git | git | >= 0 < 1:2.24.0-2 | 1:2.24.0-2 |
| git | git | >= 0 < 1:2.24.0-2 | 1:2.24.0-2 |
| git | git | >= 0 < 1:2.24.0-2 | 1:2.24.0-2 |
| microsoft_corporation | git | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvdv3.13.3LOWCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
osv3.3LOW