CVE-2024-32002
published 2024-05-14CVE-2024-32002: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in…
PriorityP269critical9CVSS 3.1
AVNACHPRNUINSCCHIHAH
EPSS
25.33%
97.7th percentile
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | xcode | — | — |
| debian | git | < git 1:2.39.5-0+deb12u1 (bookworm) | git 1:2.39.5-0+deb12u1 (bookworm) |
| git | git | < 2.39.4 | 2.39.4 |
| git | git | — | — |
| git | git | — | — |
| git | git | — | — |
| git | git | >= 0 < 1:2.30.2-1+deb11u3 | 1:2.30.2-1+deb11u3 |
| git | git | >= 0 < 1:2.39.5-0+deb12u1 | 1:2.39.5-0+deb12u1 |
| git | git | >= 0 < 1:2.45.1-1 | 1:2.45.1-1 |
| git | git | >= 0 < 1:2.45.1-1 | 1:2.45.1-1 |
| git | git | >= 0 < 1:2.25.1-1ubuntu3.12 | 1:2.25.1-1ubuntu3.12 |
| git | git | >= 0 < 1:2.25.1-1ubuntu3.13 | 1:2.25.1-1ubuntu3.13 |
| git | git | >= 0 < 1:2.34.1-1ubuntu1.11 | 1:2.34.1-1ubuntu1.11 |
| git | git | >= 0 < 1:2.43.0-1ubuntu7.1 | 1:2.43.0-1ubuntu7.1 |
| git | git | >= 0 < 1:2.7.4-0ubuntu1.10+esm8 | 1:2.7.4-0ubuntu1.10+esm8 |
| git | git | >= 0 < 1:2.17.1-1ubuntu0.18+esm1 | 1:2.17.1-1ubuntu0.18+esm1 |
| git | git | >= 2.40.0 < 2.40.2 | 2.40.2 |
| git | git | >= 2.42.0 < 2.42.2 | 2.42.2 |
| git | git | >= 2.43.0 < 2.43.4 | 2.43.4 |
| jelmer | dulwich | — | — |
| msrc | microsoft_visual_studio_2017_version_15.9 | — | — |
| msrc | microsoft_visual_studio_2019_version_16.11 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.4 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.6 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.8 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Attack vector: crafted repository with submodules where the submodule path resolves to `.git/` directory (e.g., `.git/hooks`), allowing attacker-controlled files to be written into the victim's `.git/hooks/` directory with executable bits preserved ↗
- →Dulwich-specific attack path: malicious `.gitmodules` with a submodule `path` set to `.git/hooks` (or any directory inside `.git/`) causes attacker tree contents to be written into `.git/hooks/` with executable mode bits, triggering RCE on any subsequent hook-invoking command ↗
- →Exploitation requires case-insensitive filesystems with symbolic link support enabled; disabling symlinks via `git config --global core.symlinks false` prevents the attack ↗
- →Monitor for `git clone --recurse-submodules` or `porcelain.clone(..., recurse_submodules=True)` operations against untrusted repositories, especially where submodule paths resolve inside `.git/` ↗
- ·Disabling symbolic link support in Git fully mitigates this attack; enforce `core.symlinks = false` globally on systems that clone untrusted repositories ↗
- ·Dulwich versions 0.23.2 through <1.2.5 are independently vulnerable via `dulwich.porcelain.submodule_update` and `porcelain.clone(..., recurse_submodules=True)` — patch to 1.2.5 required; Git patches alone do not cover dulwich ↗
- ·Git fixed versions are 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4; systems running older versions remain vulnerable during recursive clone operations ↗
CVSS provenance
nvdv3.19.0CRITICALCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
osv9.0CRITICAL
vendor_oracle9.8CRITICAL
vendor_debian9.0CRITICAL
vendor_msrc9.0CRITICAL
vendor_redhat9.0CRITICAL
vendor_ubuntu9.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
git vulnerabilities
osv·2024-09-19·CVSS 2.2
CVE-2023-25815 [LOW] git vulnerabilities
git vulnerabilities
Maxime Escourbiac and Yassine Bengana discovered that Git incorrectly
handled some gettext machinery. An attacker could possibly use this issue
to allows the malicious placement of crafted messages. This issue was fixed
in Ubuntu 16.04 LTS. (CVE-2023-25815)
It was discovered that Git incorrectly handled certain submodules.
An attacker could possibly use this issue to execute arbitrary code.
This issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32002)
It was discovered that Git incorrectly handled certain cloned repositories.
An attacker could possibly use this issue to execute arbitrary code. This
issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32004, CVE-2024-32465)
It was discovered that Git incorrectly handled local clones with hardlinked
files/directories. An attac
OSV
git vulnerability
osv·2024-06-18·CVSS 9.0
CVE-2024-32002 [CRITICAL] git vulnerability
git vulnerability
USN-6793-1 fixed vulnerabilities in Git. The CVE-2024-32002 was pending further
investigation. This update fixes the problem.
Original advisory details:
It was discovered that Git incorrectly handled certain submodules.
An attacker could possibly use this issue to execute arbitrary code.
This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2024-32002)
OSV
git vulnerabilities
osv·2024-05-28·CVSS 9.0
CVE-2024-32002 [CRITICAL] git vulnerabilities
git vulnerabilities
It was discovered that Git incorrectly handled certain submodules.
An attacker could possibly use this issue to execute arbitrary code.
This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2024-32002)
It was discovered that Git incorrectly handled certain cloned repositories.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2024-32004)
It was discovered that Git incorrectly handled local clones with hardlinked
files/directories. An attacker could possibly use this issue to place a
specialized repository on their target's local system. (CVE-2024-32020)
It was discovered that Git incorrectly handled certain symlinks. An attacker
could possibly use this issue to impact availability and integrity
creating hardlinked
OSV
CVE-2024-32002: Git is a revision control system
osv·2024-05-14·CVSS 9.0
CVE-2024-32002 [CRITICAL] CVE-2024-32002: Git is a revision control system
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Ubuntu
Git vulnerabilities
vendor_ubuntu·2024-09-19·CVSS 3.3
CVE-2024-32021 [LOW] Git vulnerabilities
Title: Git vulnerabilities
Summary: Several security issues were fixed in Git.
Maxime Escourbiac and Yassine Bengana discovered that Git incorrectly
handled some gettext machinery. An attacker could possibly use this issue
to allows the malicious placement of crafted messages. This issue was fixed
in Ubuntu 16.04 LTS. (CVE-2023-25815)
It was discovered that Git incorrectly handled certain submodules.
An attacker could possibly use this issue to execute arbitrary code.
This issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32002)
It was discovered that Git incorrectly handled certain cloned repositories.
An attacker could possibly use this issue to execute arbitrary code. This
issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32004, CVE-2024-32465)
It was discovered that Git incorrectly hand
Apple
CVE-2024-32002: Xcode 16
vendor_apple·2024-09-16·CVSS 9.0
CVE-2024-32002 [CRITICAL] CVE-2024-32002: Xcode 16
Apple Security Update: About the security content of Xcode 16
Product: Xcode
Version: 16
CVE: CVE-2024-32002
Component: CVE-2024-32002
Ubuntu
Git vulnerability
vendor_ubuntu·2024-06-18·CVSS 9.0
CVE-2024-32002 [CRITICAL] Git vulnerability
Title: Git vulnerability
Summary: Git could be made to run programs as your login if it clones
a crafted repository.
USN-6793-1 fixed vulnerabilities in Git. The CVE-2024-32002 was pending further
investigation. This update fixes the problem.
Original advisory details:
It was discovered that Git incorrectly handled certain submodules.
An attacker could possibly use this issue to execute arbitrary code.
This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2024-32002)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Git vulnerabilities
vendor_ubuntu·2024-05-28·CVSS 9.0
CVE-2024-32021 [CRITICAL] Git vulnerabilities
Title: Git vulnerabilities
Summary: Several security issues were fixed in Git.
It was discovered that Git incorrectly handled certain submodules.
An attacker could possibly use this issue to execute arbitrary code.
This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2024-32002)
It was discovered that Git incorrectly handled certain cloned repositories.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2024-32004)
It was discovered that Git incorrectly handled local clones with hardlinked
files/directories. An attacker could possibly use this issue to place a
specialized repository on their target's local system. (CVE-2024-32020)
It was discovered that Git incorrectly handled certain symlinks. An attacker
could possibly use this iss
Red Hat
git: Recursive clones RCE
vendor_redhat·2024-05-14·CVSS 9.0
CVE-2024-32002 [CRITICAL] CWE-22 git: Recursive clones RCE
git: Recursive clones RCE
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted source
Microsoft
GitHub: CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
vendor_msrc·2024-05-14·CVSS 9.0
CVE-2024-32002 [CRITICAL] CWE-22 GitHub: CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
GitHub: CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
FAQ: Why is this GitHub CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in MinGit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
Visual Studio: Visual Studio
Github: Github
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
Remediation: Release Notes
Reference: http
Oracle
Oracle Oracle JD Edwards Risk Matrix: One-Click Provisioning (Node.js) — CVE-2023-32002
vendor_oracle·2024-01-15·CVSS 9.8
CVE-2023-32002 [CRITICAL] Oracle Oracle JD Edwards Risk Matrix: One-Click Provisioning (Node.js) — CVE-2023-32002
Oracle Oracle JD Edwards Risk Matrix: One-Click Provisioning (Node.js) vulnerability
CVE: CVE-2023-32002
CVSS: 9.8
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2024 (JAN 2024)
Debian
CVE-2024-32002: git - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42...
vendor_debian·2024·CVSS 9.0
CVE-2024-32002 [CRITICAL] CVE-2024-32002: git - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42...
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Scope: local
bookworm: r
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-52726 dulwich: Dulwich: Arbitrary code execution via crafted Git submodules
bugzilla·2026-06-10·CVSS 9.0
CVE-2026-52726 [CRITICAL] CVE-2026-52726 dulwich: Dulwich: Arbitrary code execution via crafted Git submodules
CVE-2026-52726 dulwich: Dulwich: Arbitrary code execution via crafted Git submodules
Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, `dulwich.porcelain.submodule_update`, and by extension `porcelain.clone(..., recurse_submodules=True)`, materializes attacker-controlled submodule paths from a crafted upstream repository without path validation. A malicious `.gitmodules` plus a matching tree gitlink whose `path` is `.git/hooks` (or any other directory inside the parent repository's `.git` directory) causes the attacker's submodule tree contents to be written directly into the victim's `.git/hooks/` directory, preserving executable mode bits. The dropped executables are then run by any subsequent `git` or `
Bugzilla
CVE-2024-32002 git: Recursive clones RCE
bugzilla·2024-05-14·CVSS 9.0
CVE-2024-32002 [CRITICAL] CVE-2024-32002 git: Recursive clones RCE
CVE-2024-32002 git: Recursive clones RCE
Repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed.
Discussion:
Created git tracking bugs for this issue:
Affects: fedora-all [bug 2280422]
---
Created rubygem-dynect_rest tracking bugs for this issue:
Affects: epel-all [bug 2280423]
Created rubygem-rouge tracking bugs for this issue:
Affects: fedora-all [bug 2280424]
Created rubygem-stringex tracking bugs for this issue:
Affects: fedora-all [bug 2280425]
Created swiftlint tracking bugs f
Trendmicro
The May 2024 Security Update Review
blogs_trendmicro·2024-05-14·CVSS 7.8
[HIGH] The May 2024 Security Update Review
# The May 2024 Security Update Review
Get the May 2024 security update and review.
By: Dustin Childs
2024/05/14
Read time: ( words)
Save to Folio
Welcome to the second Tuesday of May. As expected, Adobe and Microsoft have released their standard bunch of security patches. Take a break from your regular activities and join us as we review the details of their latest advisories. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Apple Patches for May 2024
Apple kicked off the May release cycle with a group of updates for their macOS and iOS platforms. Most notable is a fix for CVE-2024-23296 for iOS 16.7.8 and iPadOS 16.7.8. This vulnerability is a memory corruption issue in RTKit that could allow attackers to bypass kernel memory protec
Trendmicro
The May 2024 Security Update Review
blogs_trendmicro·2024-05-14·CVSS 7.8
[HIGH] The May 2024 Security Update Review
## The May 2024 Security Update Review
Get the May 2024 security update and review.
By: Dustin Childs 2024/05/14 Read time: ( words)
Save to Folio
Welcome to the second Tuesday of May. As expected, Adobe and Microsoft have released their standard bunch of security patches. Take a break from your regular activities and join us as we review the details of their latest advisories. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Apple Patches for May 2024
Apple kicked off the May release cycle with a group of updates for their macOS and iOS platforms. Most notable is a fix for CVE-2024-23296 for iOS 16.7.8 and iPadOS 16.7.8 . This vulnerability is a memory corruption issue in RTKit that could allow attackers to bypass kernel memory prote
Tenable
Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
blogs_tenable·2024-05-14·CVSS 8.8
[HIGH] Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Bleepingcomputer
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
blogs_bleepingcomputer·2024-05-14·CVSS 8.8
[HIGH] Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
## Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
## Lawrence Abrams
17 Elevation of Privilege Vulnerabilities
2 Security Feature Bypass Vulnerabilities
27 Remote Code Execution Vulnerabilities
7 Information Disclosure Vulnerabilities
3 Denial of Service Vulnerabilities
4 Spoofing Vulnerabilities
The total count of 61 flaws does not include 2 Microsoft Edge flaws fixed on May 2nd and four fixed on May 10th.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5037771 cumulative update and the Windows 10 KB5037768 update .
## Three zero-days fixed
This month's Patch Tuesday fixes two actively exploited and one publicly disclosed zero-day vulnerabilities.
Microsoft classifies a zero-day as a flaw
CTF
ippsec-video-index
ctf_writeups·CVSS 8.6
[HIGH] ippsec-video-index
# IppSec HTB Video Index - Complete Reference
> The most comprehensive index of IppSec's HackTheBox video walkthroughs.
> Data sourced from [ippsec.rocks](https://ippsec.rocks) dataset, GitHub, and community resources.
> Last updated: 2026-04-10
## Stats
| Category | Count |
|----------|-------|
| HTB Machine Walkthroughs | 432 |
| UHC (Ultimate Hacking Championship) | 12 |
| HTB Sherlocks (DFIR) | 7 |
| VulnHub Machines | 4 |
| Tutorials / Methodology / Special | 61 |
| HTB Academy Modules | 17 |
| **Total Unique Content** | **533** |
| Total Searchable Entries (timestamps) | 9,245 |
## Key Resources
| Resource | URL |
|----------|-----|
| YouTube Channel | [youtube.com/ippsec](https://youtube.com/ippsec) |
| Searchable Video Index | [ippsec.rocks](https://ippsec.rocks) |
| GitHub |
http://www.openwall.com/lists/oss-security/2024/05/14/2https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgthttps://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinkshttps://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991dhttps://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgvhttps://lists.debian.org/debian-lts-announce/2024/06/msg00018.htmlhttps://lists.fedoraproject.org/archives/list/[email protected]/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/http://www.openwall.com/lists/oss-security/2024/05/14/2https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgthttps://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinkshttps://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991dhttps://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgvhttps://lists.debian.org/debian-lts-announce/2024/06/msg00018.htmlhttps://lists.debian.org/debian-lts-announce/2024/09/msg00009.htmlhttps://lists.fedoraproject.org/archives/list/[email protected]/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/
2024-05-14
Published