Severity: 2.1 LOW (NVD)
EPSS: 1.1% (top 21.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 14
Latest update: Jan 15

Description

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for which the user is expected to provide a username and/or a password. At this stage, any URL-encoded parts have been decoded already, and are printed verbatim. This allows attackers to craft URLs that contai

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Affected Packages (4 packages)

NVD | git/git | 2.41.0 | 2.41.3 | +8
Debian | git/git | < 1:2.30.2-1+deb11u4 | +3
Ubuntu | git/git | < 1:2.25.1-1ubuntu3.14 | +4
CVEListV5 | git/git | 2.40.3 | +8

Also affects: Debian Linux 11.0

Patches

🔴 Vulnerability Details (5)

OSV: git vulnerabilities (2026-01-15)
OSV: git vulnerabilities (2025-02-27)
OSV: git vulnerabilities (2025-01-14)
OSV: CVE-2024-50349: Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full acce (2025-01-14)
CVEList: Git does not sanitize URLs when asking for credentials interactively (2025-01-14)

📋 Vendor Advisories (5)

Ubuntu: Git vulnerabilities (2026-01-15)
Ubuntu: Git vulnerabilities (2025-02-27)
Ubuntu: Git vulnerabilities (2025-01-14)
Red Hat: git: Git does not sanitize URLs when asking for credentials interactively (2025-01-14)
Debian: CVE-2024-50349: git - Git is a fast, scalable, distributed revision control system with an unusually r... (2024)

🕵️ Threat Intelligence (1)

Wiz: CVE-2025-66413 Impact, Exploitability, and Mitigation Steps | Wiz