CVE-2024-52006Improper Encoding or Escaping of Output in GIT

CWE-116Improper Encoding or Escaping of OutputCWE-147Improper Neutralization of Input TerminatorsCWE-150Improper Neutralization of Escape, Meta, or Control Sequences12 documents7 sources
Severity
2.1LOWNVD
CNA9.3OSV7.5
EPSS
1.0%
top 22.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GITDebian Linux
Timeline
PublishedJan 14
Latest updateJan 15

Description

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems (most notably, .NET and node.js) interpret single Carriage Return characters as newlines, which renders the protections against CVE-2020-5260 incomplete for credential helpers that treat Carriage Returns in

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages4 packages

NVDgit/git2.41.02.41.3+8
Debiangit/git< 1:2.30.2-1+deb11u4+3
Ubuntugit/git< 1:2.25.1-1ubuntu3.14+4
CVEListV5git/git2.40.3+8

Also affects: Debian Linux 11.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

5
OSV
git vulnerabilities2026-01-15
OSV
git vulnerabilities2025-02-27
CVEList
Newline confusion in credential helpers can lead to credential exfiltration in git2025-01-14
OSV
git vulnerabilities2025-01-14
OSV
CVE-2024-52006: Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full acce2025-01-14

📋Vendor Advisories

5
Ubuntu
Git vulnerabilities2026-01-15
Ubuntu
Git vulnerabilities2025-02-27
Red Hat
git: Newline confusion in credential helpers can lead to credential exfiltration in git2025-01-14
Ubuntu
Git vulnerabilities2025-01-14
Debian
CVE-2024-52006: git - Git is a fast, scalable, distributed revision control system with an unusually r...2024

🕵️Threat Intelligence

1
Wiz
CVE-2025-66413 Impact, Exploitability, and Mitigation Steps | Wiz