CVE-2024-32465
Published: 2024-05-14
Priority: P3 · 38 · Severity: high · CVSS 3.1 base score: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.91% (55.5th percentile)
Git is a revision control system. The Git project recommends against working directly in untrusted repositories; instead, clone them first with `git clone --no-local` to obtain a clean copy. Git has specific protections that are meant to make that a safe operation even when the source repository is untrusted, but vulnerabilities allow those protections to be bypassed. For local repositories owned by other users, this was addressed as CVE-2024-32004. There are circumstances, however, where the fixes for CVE-2024-32004 are not enough: for example, a `.zip` file containing a full copy of a Git repository should not be trusted by default, because, among other things, hooks could be configured to run in the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2 and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.
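The workaround above ("avoid using Git in repositories obtained via archives") is hard to follow blind, because you cannot tell what an unpacked archive carries without looking inside it. The script below is an added example, not part of the advisory, of Git, or of any vendor listed on this page: a pre-flight audit that reads `.git/config` and `.git/hooks` of an unpacked repository as plain files, never invoking git, so nothing the archive contains can execute during the check. It flags non-sample hooks, a `.git` that is a pointer file rather than a directory, and config keys that make git run external programs or read config from elsewhere; that key list is the example's own conservative selection (Git publishes no such list) and the parser is deliberately minimal (no `include` expansion, no line continuations). It also builds the `git clone --no-local` command the advisory recommends, with `--` so a source path starting with `-` cannot be parsed as an option. The sample repository, the `example.invalid` remote and the `.git/h` paths are constructed inline. A clean audit does not make an unpatched git safe to run in that tree; the fix is to upgrade to one of the versions listed above.

```python
#!/usr/bin/env python3
"""Pre-flight audit of a Git repository unpacked from an untrusted archive.
Added example, not part of the advisory or of Git: metadata is read as plain
files and git is never invoked, so nothing in the untrusted tree can run."""
import os
import re
import stat
import tempfile

# Keys that make git run an external program or pull config from elsewhere.
# This selection is the example's own; Git publishes no such list.
RISKY_EXACT = {"core.hookspath", "core.fsmonitor", "core.sshcommand", "core.gitproxy",
               "core.editor", "core.pager", "core.askpass", "diff.external",
               "credential.helper", "include.path"}
RISKY_PATTERNS = [re.compile(p) for p in (
    r"^alias\.",                                 # alias.x = !cmd
    r"^filter\.[^.]+\.(clean|smudge|process)$",  # content filter drivers
    r"^diff\.[^.]+\.(command|textconv)$",        # external diff drivers
    r"^merge\.[^.]+\.driver$",                   # external merge drivers
    r"^includeif\..+\.path$",                    # conditional includes
    r"^url\..+\.insteadof$")]                    # URL rewriting
SECTION_RE = re.compile(r'^\[\s*([A-Za-z0-9.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\s*\]')
KEY_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)\s*(?:=\s*(.*))?$")


def parse_git_config(text):
    """Minimal .git/config parser -> [(key, value)] with keys in git's dotted,
    lower-cased form ('core.hookspath', 'filter.lfs.clean'; subsections keep
    case). No include expansion or line continuations: enough for a scan."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower() + ("." + m.group(2) if m.group(2) is not None else "")
        elif (m := KEY_RE.match(line)) and section is not None:  # bare key == true
            entries.append((section + "." + m.group(1).lower(), (m.group(2) or "true").strip()))
    return entries


def is_risky(key):
    return key in RISKY_EXACT or any(p.search(key) for p in RISKY_PATTERNS)


def audit_untrusted_repo(repo_path):
    """Human-readable findings. Empty means nothing was flagged, which does not
    make an unpatched git safe to run in that tree."""
    gitdir = os.path.join(repo_path, ".git")
    if os.path.isfile(gitdir):  # 'gitdir: <path>' pointer file, never followed here
        return [".git is a file, not a directory: it can point git at a gitdir outside the tree"]
    if not os.path.isdir(gitdir):
        return ["no .git directory under " + repo_path]
    findings, cfg, hooks = [], os.path.join(gitdir, "config"), os.path.join(gitdir, "hooks")
    if os.path.isfile(cfg):
        with open(cfg, encoding="utf-8", errors="replace") as fh:
            findings += [f"config {k} = {v!r}" for k, v in parse_git_config(fh.read()) if is_risky(k)]
    for name in sorted(os.listdir(hooks)) if os.path.isdir(hooks) else []:
        path = os.path.join(hooks, name)
        if name.endswith(".sample") or not os.path.isfile(path):
            continue  # the *.sample hooks git ships are inert
        mode = "executable" if os.stat(path).st_mode & stat.S_IXUSR else "not executable"
        findings.append(f"hook {name} ({mode})")
    return findings


def safe_clone_command(src, dst):
    """The advisory's way to get a clean copy; '--' stops a source path that
    starts with '-' from being parsed as an option."""
    return ["git", "clone", "--no-local", "--", src, dst]


def build_sample_repo(malicious):
    """Constructed sample, not real data: a non-bare repo as unpacked from an
    archive; with malicious=True it carries risky config keys and a live hook."""
    gitdir = os.path.join(tempfile.mkdtemp(prefix="untrusted-repo-"), ".git")
    os.makedirs(os.path.join(gitdir, "hooks"))
    core = "[core]\n\trepositoryformatversion = 0\n\tbare = false\n"
    extra = ""
    if malicious:
        core += "\thooksPath = .git/h\n\tfsmonitor = .git/h/watch.sh\n"
        extra = '[filter "lfs"]\n\tclean = ./run-me %f\n[alias]\n\tco = !sh -c "echo pwned"\n'
    files = {"config": core + '[remote "origin"]\n\turl = https://example.invalid/repo.git\n' + extra,
             "hooks/pre-commit.sample": "#!/bin/sh\nexit 0\n"}
    if malicious:
        files["hooks/post-checkout"] = "#!/bin/sh\necho pwned\n"
    for rel, content in files.items():
        with open(os.path.join(gitdir, rel), "w") as fh:
            fh.write(content)
        if rel == "hooks/post-checkout":
            os.chmod(os.path.join(gitdir, rel), 0o755)
    return os.path.dirname(gitdir)


if __name__ == "__main__":
    for label in ("clean", "malicious"):
        path = build_sample_repo(label == "malicious")
        print(label, audit_untrusted_repo(path) or ["no findings"], " ".join(safe_clone_command(path, path + ".clean")))
```

Run it directly to see the clean sample produce no findings and the malicious one flag `core.hookspath`, `core.fsmonitor`, the LFS clean filter, the shell alias and the executable `post-checkout` hook. On Windows the executable bit is not meaningful, so treat any non-sample hook as live regardless of the mode reported.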
Affected
28 ranges indexed (25 listed; identical rows merged)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | git | < 1:2.39.5-0+deb12u1 (bookworm) | 1:2.39.5-0+deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| git-scm | git | < 2.39.4 | 2.39.4 |
| git-scm | git | — | — |
| git-scm | git | >= 2.40.0, < 2.40.2 | 2.40.2 |
| git-scm | git | >= 2.42.0, < 2.42.2 | 2.42.2 |
| git-scm | git | >= 2.43.0, < 2.43.4 | 2.43.4 |
| git | git | < 1:2.30.2-1+deb11u3 | 1:2.30.2-1+deb11u3 |
| git | git | < 1:2.39.5-0+deb12u1 | 1:2.39.5-0+deb12u1 |
| git | git | < 1:2.45.1-1 | 1:2.45.1-1 |
| git | git | < 1:2.25.1-1ubuntu3.12 | 1:2.25.1-1ubuntu3.12 |
| git | git | < 1:2.34.1-1ubuntu1.11 | 1:2.34.1-1ubuntu1.11 |
| git | git | < 1:2.43.0-1ubuntu7.1 | 1:2.43.0-1ubuntu7.1 |
| git | git | < 1:2.7.4-0ubuntu1.10+esm8 | 1:2.7.4-0ubuntu1.10+esm8 |
| git | git | < 1:2.17.1-1ubuntu0.18+esm1 | 1:2.17.1-1ubuntu0.18+esm1 |
| msrc | azl3_git_2.42.0-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_git_2.45.2-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_git_2.33.8-2_on_cbl_mariner_2.0 | — | — |

Rows with a `1:` epoch are Debian (`deb11`, `deb12`) and Ubuntu (`ubuntu`, `esm`) package versions. Upstream fixed releases per the description are 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2 and 2.39.4; explicit upstream ranges appear above only for the 2.39, 2.40, 2.42 and 2.43 series.
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 7.8 (v3.1) | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | 9.0 | CRITICAL | — |
| vendor_ubuntu | 9.0 | CRITICAL | — |
| vendor_debian | 8.1 | HIGH | — |
| vendor_redhat | 8.1 | HIGH | — |
| vendor_msrc | 7.3 | HIGH | — |
OSV · git vulnerabilities · 2024-09-19 · CVSS 2.2
CVE-2023-25815 [LOW]
Maxime Escourbiac and Yassine Bengana discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allow the malicious placement of crafted messages. This issue was fixed in Ubuntu 16.04 LTS. (CVE-2023-25815)
It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to execute arbitrary code. This issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32002)
It was discovered that Git incorrectly handled certain cloned repositories. An attacker could possibly use this issue to execute arbitrary code. This issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32004, CVE-2024-32465)
It was discovered that Git incorrectly handled local clones with hardlinked files/directories. An attac
OSV · git vulnerabilities · 2024-05-28 · CVSS 9.0
CVE-2024-32002 [CRITICAL]
It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to execute arbitrary code. This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2024-32002)
It was discovered that Git incorrectly handled certain cloned repositories. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-32004)
It was discovered that Git incorrectly handled local clones with hardlinked files/directories. An attacker could possibly use this issue to place a specialized repository on their target's local system. (CVE-2024-32020)
It was discovered that Git incorrectly handled certain symlinks. An attacker could possibly use this issue to impact availability and integrity creating hardlinked
OSV · CVE-2024-32465: Git is a revision control system · 2024-05-14 · CVSS 7.8
CVE-2024-32465 [HIGH]
Same description as at the top of this page.
Ubuntu · Git vulnerabilities · 2024-09-19 · CVSS 3.3
CVE-2024-32021 [LOW]
Summary: Several security issues were fixed in Git. The notice text is the same Ubuntu advisory quoted in the OSV entry dated 2024-09-19 above (CVE-2023-25815, CVE-2024-32002, CVE-2024-32004, CVE-2024-32465).
Ubuntu · Git vulnerabilities · 2024-05-28 · CVSS 9.0
CVE-2024-32021 [CRITICAL]
Summary: Several security issues were fixed in Git. The notice text is the same Ubuntu advisory quoted in the OSV entry dated 2024-05-28 above (CVE-2024-32002, CVE-2024-32004, CVE-2024-32020 and a symlink issue).
Microsoft · Git's protections for cloning untrusted repositories can be bypassed · 2024-05-14 · CVSS 7.3
CVE-2024-32465 [HIGH] · CWE-22
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries of which the distro is composed. Microsoft is committed to transparency in this work, which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Products: Mariner, GitHub_M
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Refer
Red Hat · git: additional local RCE · 2024-05-14 · CVSS 8.1
CVE-2024-32465 [HIGH] · CWE-22
Same description as at the top of this page.
Debian · CVE-2024-32465: git · 2024 · CVSS 8.1
CVE-2024-32465 [HIGH]
Same description as at the top of this page.
No detection rules found.
No public exploits indexed.
Wiz · CVE-2025-66413 Impact, Exploitability, and Mitigation Steps · CVSS 7.3
CVE-2025-66413 [HIGH] Git for Windows vulnerability analysis and mitigation
Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is fixed in 2.53.0(2). (Source: NVD)
Score: 7.4 (CNA) · Severity: HIGH · Published March 10, 2026
Affected technologies: Git for Windows (cpe:2.3:a:git_for_windows_project:git_for_windows)
Public exploit: No · CISA KEV: No (release date N/A, due date N/A)
EPSS: N/A (percentile 9.6)
Sources: NVD
Bugzilla · CVE-2024-32465 git: additional local RCE · 2024-05-14 · CVSS 7.8
CVE-2024-32465 [HIGH]
Same description as at the top of this page.
Discussion: Created git tra
References
http://www.openwall.com/lists/oss-security/2024/05/14/2
https://git-scm.com/docs/git#_security
https://git-scm.com/docs/git-clone
https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7
https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4
https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html
https://lists.debian.org/debian-lts-announce/2024/09/msg00009.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/