CVE-2024-32465

CWE-22 — Path Traversal9 documents7 sources

Severity

7.8HIGH

EPSS

0.2%

top 63.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GIT GIT Git-scm GIT Debian Debian Linux +1 more

Timeline

PublishedMay 14

Latest updateSep 19

Description

Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances wh…

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 0.7 | Impact: 6.0

Affected Packages3 packages

▶CVEListV5git/git< 2.39.4+6

▶NVDgit-scm/git2.40.0 — 2.40.2+6

▶Debiangit< 1:2.30.2-1+deb11u3+3

Also affects: Fedora 40, Debian Linux 10.0, 11.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

git vulnerabilities↗2024-09-19

▶

OSV

CVE-2024-32465: Git is a revision control system↗2024-05-14

▶

CVEList

Git's protections for cloning untrusted repositories can be bypassed↗2024-05-14

▶

📋Vendor Advisories

Ubuntu

Git vulnerabilities↗2024-09-19

▶

Ubuntu

Git vulnerabilities↗2024-05-28

▶

Microsoft

Git's protections for cloning untrusted repositories can be bypassed↗2024-05-14

▶

Red Hat

git: additional local RCE↗2024-05-14

▶

Debian

CVE-2024-32465: git - Git is a revision control system. The Git project recommends to avoid working in...↗2024

▶