CVE-2024-32021

CWE-547 CWE-619 documents7 sources

Severity

7.1HIGH

EPSS

0.0%

top 94.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GIT GIT Git-scm GIT Debian Debian Linux +1 more

Timeline

PublishedMay 14

Latest updateSep 19

Description

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` direct…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:LExploitability: 0.8 | Impact: 2.7

Affected Packages4 packages

▶CVEListV5git/git< 2.39.4+6

▶NVDgit-scm/git2.40.0 — 2.40.2+6

▶Alpinegit< 2.39.5-r0+6

▶Debiangit< 1:2.30.2-1+deb11u3+3

Also affects: Debian Linux 10.0, 11.0, Fedora 40

🔴Vulnerability Details

CVEList

Local Git clone may hardlink arbitrary user-readable files into the new repository's "objects/" directory↗2024-05-14

▶

OSV

CVE-2024-32021: Git is a revision control system↗2024-05-14

▶

OSV

CVE-2024-32021: Git is a revision control system↗2024-05-14

▶

📋Vendor Advisories

Ubuntu

Git vulnerabilities↗2024-09-19

▶

Ubuntu

Git vulnerabilities↗2024-05-28

▶

Microsoft

Local Git clone may hardlink arbitrary user-readable files into the new repository's "objects/" directory↗2024-05-14

▶

Red Hat

git: symlink bypass↗2024-05-14

▶

Debian

CVE-2024-32021: git - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42...↗2024

▶