Arbitrary Path Overwrite Vulnerability in Git by Git SCM
CVE-2019-1348

3.3 LOW

Key Information:

Vendor: Microsoft
Status: Vendor
CVE Published: 24 January 2020

Summary

An issue in Git prior to version 2.24.1 exposes the --export-marks option via the fast-import in-stream command feature. This can allow attackers to overwrite arbitrary paths in the file system, potentially compromising data integrity and system security. Users of affected Git versions should upgrade to the recommended versions to mitigate this risk.

Affected Version(s)

Git Before 2.24.1, 2.23.1, 2.22.2, 2.21.1, 2.20.2, 2.19.3, 2.18.2, 2.17.3, 2.16.6, 2.15.4, 2.14.6

CVSS V3.1

Score: 3.3
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
