CVE-2024-52005 — Improper Encoding or Escaping of Output in GIT

CWE-116 — Improper Encoding or Escaping of Output CWE-150 — Improper Neutralization of Escape, Meta, or Control Sequences CWE-838 — Inappropriate Encoding for Output Context5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 40.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GIT Debian GIT

Timeline

PublishedJan 15

Description

Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequ…

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDgit/git2.41.0 — 2.41.3+8

▶CVEListV5git/git8 versions+7

▶debiandebian/git

🔴Vulnerability Details

OSV

CVE-2024-52005: Git is a source code management tool↗2025-01-15

▶

📋Vendor Advisories

Red Hat

git: The sideband payload is passed unfiltered to the terminal in git↗2025-01-15

▶

Debian

CVE-2024-52005: git - Git is a source code management tool. When cloning from a server (or fetching, o...↗2024

▶

🕵️Threat Intelligence

Wiz

CVE-2025-66413 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶