CVE-2024-32004

CWE-114 CWE-36 CWE-22 — Path Traversal11 documents7 sources

Severity

7.8HIGH

EPSS

2.4%

top 14.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GIT GIT Git-scm GIT Debian Debian Linux +1 more

Timeline

PublishedMay 14

Latest updateSep 19

Description

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 1.4 | Impact: 6.0

Affected Packages4 packages

▶CVEListV5git/git< 2.39.4+6

▶NVDgit-scm/git2.40.0 — 2.40.2+6

▶Debiangit< 1:2.30.2-1+deb11u3+3

▶Ubuntugit< 1:2.25.1-1ubuntu3.12+2

Also affects: Debian Linux 10.0, 11.0, Fedora 40

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

git vulnerabilities↗2024-09-19

▶

OSV

git vulnerabilities↗2024-05-28

▶

OSV

CVE-2024-32004: Git is a revision control system↗2024-05-14

▶

CVEList

Git vulnerable to Remote Code Execution while cloning special-crafted local repositories↗2024-05-14

▶

📋Vendor Advisories

Ubuntu

Git vulnerabilities↗2024-09-19

▶

Ubuntu

Git vulnerabilities↗2024-05-28

▶

Red Hat

git: RCE while cloning local repos↗2024-05-14

▶

Microsoft

GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories↗2024-05-14

▶

Debian

CVE-2024-32004: git - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42...↗2024

▶