cbcvebase.
CVE-2019-1352
published 2020-01-24

CVE-2019-1352: A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution…

high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.

Affected

23 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debiangit< git 1:2.24.0-2 (bookworm)git 1:2.24.0-2 (bookworm)
debianlibgit2< libgit2 0.28.4+dfsg.1-2 (bookworm)libgit2 0.28.4+dfsg.1-2 (bookworm)
gitgit>= 0 < 1:2.24.0-21:2.24.0-2
gitgit>= 0 < 1:2.24.0-21:2.24.0-2
gitgit>= 0 < 1:2.24.0-21:2.24.0-2
gitgit>= 0 < 1:2.24.0-21:2.24.0-2
libgit2libgit2< 0.28.40.28.4
libgit2libgit2>= 0 < 0.28.4+dfsg.1-20.28.4+dfsg.1-2
libgit2libgit2>= 0 < 0.28.4+dfsg.1-20.28.4+dfsg.1-2
libgit2libgit2>= 0 < 0.28.4+dfsg.1-20.28.4+dfsg.1-2
libgit2libgit2>= 0 < 0.28.4+dfsg.1-20.28.4+dfsg.1-2
me-andcygwin-git< 2.31.1-22.31.1-2
microsoftmicrosoft_visual_studio_2017
microsoftmicrosoft_visual_studio_2017_version_15.9
microsoftmicrosoft_visual_studio_2019
microsoftmicrosoft_visual_studio_2019_version_16.4
microsoftvisual_studio_2017>= 15.0 < 15.9.1815.9.18
microsoftvisual_studio_2019>= 16.0 < 16.4.116.4.1
msrcmicrosoft_visual_studio_2017_version_15.0
msrcmicrosoft_visual_studio_2017_version_15.9
msrcmicrosoft_visual_studio_2019_version_16.0
msrcmicrosoft_visual_studio_2019_version_16.4

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv8.8HIGH