Remote Code Execution Vulnerability in Git Submodule Names Validation
CVE-2019-1387

8.8HIGH

Key Information:

Vendor

Microsoft
Status
Git
Vendor
CVE Published:
18 December 2019

What is CVE-2019-1387?

A vulnerability has been identified in Git affecting recursive clone operations due to insufficient validation of submodule names. This weakness allows malicious actors to craft specially designed submodules, enabling targeted remote code execution attacks. Users of affected Git versions should prioritize updating to mitigate potential risks associated with this security flaw.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Git Before v2.24.1

Git Before v2.23.1

Git Before v2.22.2

References

https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct...
https://access.redhat.com/errata/RHSA-2019:4356
vendor-advisory
https://access.redhat.com/errata/RHSA-2020:0002
vendor-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.