Vulnerability in Git Credential Helper Affects Multiple Versions
CVE-2024-52006

2.1 LOW

Key Information:

Vendor: Git

Status
Vendor
CVE Published: 14 January 2025

What is CVE-2024-52006?

A vulnerability has been identified in Git that affects its credential helpers, particularly in ecosystems such as .NET and Node.js. The issue arises because single Carriage Return characters are misinterpreted as newlines, which undermines the safeguards added against previous vulnerabilities. The problem has been fixed in recent versions of Git. Users are strongly advised to update their installations; those unable to upgrade should exercise caution when cloning from untrusted URLs, especially when using recursive clones.

Affected Version(s)

git <= 2.40.3

git >= 2.41.0, <= 2.41.2

git >= 2.42.0, <= 2.42.3

CVSS V4

Score: 2.1
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published