CVE-2019-1353
published 2020-01-24

Priority P347 · critical · 9.8 CVSS 3.1
AV:N AC:L PR:N UI:N S:U C:H I:H A:H
EPSS 2.23% · 80.5th percentile
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.

Affected

26 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | debian_linux | | |
| debian | git | < git 1:2.24.0-2 (bookworm) | git 1:2.24.0-2 (bookworm) |
| debian | libgit2 | < libgit2 0.28.4+dfsg.1-2 (bookworm) | libgit2 0.28.4+dfsg.1-2 (bookworm) |
| dulwich_project | dulwich | >= 0.10.0 < 1.2.5 | 1.2.5 |
| git-scm | git | >= 2.14.0 < 2.14.6 | 2.14.6 |
| git-scm | git | >= 2.15.0 < 2.15.4 | 2.15.4 |
| git-scm | git | >= 2.16.0 < 2.16.6 | 2.16.6 |
| git-scm | git | >= 2.17.0 < 2.17.3 | 2.17.3 |
| git-scm | git | >= 2.18.0 < 2.18.2 | 2.18.2 |
| git-scm | git | >= 2.19.0 < 2.19.3 | 2.19.3 |
| git-scm | git | >= 2.20.0 < 2.20.2 | 2.20.2 |
| git-scm | git | >= 2.21.0 < 2.21.1 | 2.21.1 |
| git-scm | git | >= 2.22.0 < 2.22.2 | 2.22.2 |
| git-scm | git | >= 2.23.0 < 2.23.1 | 2.23.1 |
| git-scm | git | >= 2.24.0 < 2.24.1 | 2.24.1 |
| git | git | >= 0 < 1:2.24.0-2 | 1:2.24.0-2 |
| git | git | >= 0 < 1:2.24.0-2 | 1:2.24.0-2 |
| git | git | >= 0 < 1:2.24.0-2 | 1:2.24.0-2 |
| git | git | >= 0 < 1:2.24.0-2 | 1:2.24.0-2 |
| jelmer | dulwich | | |
| libgit2 | libgit2 | < 0.28.4 | 0.28.4 |
| libgit2 | libgit2 | >= 0 < 0.28.4+dfsg.1-2 | 0.28.4+dfsg.1-2 |
| libgit2 | libgit2 | >= 0 < 0.28.4+dfsg.1-2 | 0.28.4+dfsg.1-2 |
| libgit2 | libgit2 | >= 0 < 0.28.4+dfsg.1-2 | 0.28.4+dfsg.1-2 |
| libgit2 | libgit2 | >= 0 < 0.28.4+dfsg.1-2 | 0.28.4+dfsg.1-2 |

CVSS provenance

nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
ghsa · 9.8 · CRITICAL
osv · 9.8 · CRITICAL
vendor_debian · 9.8 · CRITICAL
vendor_redhat · 9.8 · CRITICAL