cbcvebase.
CVE-2024-32465
published 2024-05-14


Priority: P3 38 (high)
CVSS 3.1: 7.8 (AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H)
EPSS: 0.91% (55.5th percentile)
Git is a revision control system. The Git project recommends avoiding work in untrusted repositories and instead cloning them first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: for example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.
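The advisory's workaround is to not run Git inside a repository that arrived as an archive. The script below is an added example, not code from the advisory or from the Git project: it triages an unpacked archive by reading files only, never invoking git inside it, and reports the two things the description warns about, executable hooks in `.git/hooks` and config keys (such as `core.hooksPath`) that make git run repository-chosen commands. The function names, the sample repository it constructs, and the list of config keys it checks are this example's own choices; the key list is a practical subset, not an exhaustive one.

```sh
#!/bin/sh
# Added example: read-only triage of an untrusted, unpacked Git repository.
# Nothing from the repository is executed; only file modes and config text
# are inspected. Key list and names below are this example's assumptions.

# Config keys (any section) that point git at commands or extra files chosen
# by the repository: core.hooksPath, core.fsmonitor, core.sshCommand,
# core.pager, core.editor, diff.external, filter.<x>.clean/smudge/process,
# and include/includeIf "path" entries pulling in further config.
RISKY_KEY_PATTERN='^[[:space:]]*(hooksPath|fsmonitor|sshCommand|pager|editor|external|clean|smudge|process|path)[[:space:]]*='

# inspect_untrusted_repo DIR
#   exit 0: nothing suspicious found, 1: findings printed, 2: not a repository
inspect_untrusted_repo() {
    repo=$1
    gitdir="$repo/.git"
    findings=0

    if [ ! -d "$gitdir" ]; then
        echo "SKIP: no .git directory under $repo"
        return 2
    fi

    # 1. Executable files in the default hooks directory. Git's own
    #    *.sample files are inert and are ignored.
    for h in "$gitdir"/hooks/*; do
        [ -e "$h" ] || continue
        case "$h" in *.sample) continue ;; esac
        if [ -x "$h" ]; then
            echo "HOOK: executable hook $h"
            findings=$((findings + 1))
        fi
    done

    # 2. Command-running or include keys in the repository's own config.
    cfg="$gitdir/config"
    if [ -f "$cfg" ]; then
        grep -i -n -E "$RISKY_KEY_PATTERN" "$cfg" | while IFS= read -r line; do
            echo "CONFIG: $cfg:$line"
        done
        # grep -c prints 0 and exits 1 when nothing matches; keep the count.
        n=$(grep -i -c -E "$RISKY_KEY_PATTERN" "$cfg" || true)
        findings=$((findings + n))
    fi

    if [ "$findings" -eq 0 ]; then
        echo "OK: no hooks or command-running config found in $repo"
        return 0
    fi
    echo "WARN: $findings finding(s); do not run git inside $repo"
    return 1
}

# make_sample_repo DIR: constructed sample for demonstration only. It
# mimics what an archive could ship: an executable hook plus a config
# entry that re-points the hooks directory.
make_sample_repo() {
    mkdir -p "$1/.git/hooks"
    printf '#!/bin/sh\necho "hook ran"\n' > "$1/.git/hooks/post-checkout"
    chmod +x "$1/.git/hooks/post-checkout"
    printf '[core]\n\trepositoryformatversion = 0\n\thooksPath = .git/hooks\n' \
        > "$1/.git/config"
}

# Demo run against the constructed sample; prints the findings and status.
demo_dir=$(mktemp -d)
make_sample_repo "$demo_dir/suspicious"
inspect_untrusted_repo "$demo_dir/suspicious" || echo "exit status $?"
rm -rf "$demo_dir"
```

Run it as `sh triage.sh` to see the constructed sample flagged, or call `inspect_untrusted_repo /path/to/unpacked-repo` from your own shell; an exit status of 1 means the archive should be treated like any other untrusted input, which here means not running git in it.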

Affected

28 ranges, showing 25

Vendor         Product                                 Version range                      Fixed in
debian         debian_linux
debian         debian_linux
debian         git                                     < git 1:2.39.5-0+deb12u1 (bookworm)  git 1:2.39.5-0+deb12u1 (bookworm)
fedoraproject  fedora
git-scm        git                                     < 2.39.4                           2.39.4
git-scm        git
git-scm        git
git-scm        git
git-scm        git                                     >= 2.40.0 < 2.40.2                 2.40.2
git-scm        git                                     >= 2.42.0 < 2.42.2                 2.42.2
git-scm        git                                     >= 2.43.0 < 2.43.4                 2.43.4
git            git                                     >= 0 < 1:2.30.2-1+deb11u3          1:2.30.2-1+deb11u3
git            git                                     >= 0 < 1:2.39.5-0+deb12u1          1:2.39.5-0+deb12u1
git            git                                     >= 0 < 1:2.45.1-1                  1:2.45.1-1
git            git                                     >= 0 < 1:2.45.1-1                  1:2.45.1-1
git            git                                     >= 0 < 1:2.25.1-1ubuntu3.12        1:2.25.1-1ubuntu3.12
git            git                                     >= 0 < 1:2.34.1-1ubuntu1.11        1:2.34.1-1ubuntu1.11
git            git                                     >= 0 < 1:2.43.0-1ubuntu7.1         1:2.43.0-1ubuntu7.1
git            git                                     >= 0 < 1:2.7.4-0ubuntu1.10+esm8    1:2.7.4-0ubuntu1.10+esm8
git            git                                     >= 0 < 1:2.17.1-1ubuntu0.18+esm1   1:2.17.1-1ubuntu0.18+esm1
msrc           azl3_git_2.42.0-2_on_azure_linux_3.0
msrc           azl3_git_2.45.2-1_on_azure_linux_3.0
msrc           azure_linux_3.0_arm
msrc           azure_linux_3.0_x64
msrc           cbl2_git_2.33.8-2_on_cbl_mariner_2.0

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     7.8    HIGH      CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv                     9.0    CRITICAL
vendor_ubuntu           9.0    CRITICAL
vendor_debian           8.1    HIGH
vendor_redhat           8.1    HIGH
vendor_msrc             7.3    HIGH