What is the severity of CVE-2019-1348?

The severity of CVE-2019-1348 is medium with a severity value of 3.3.

What is the affected software of CVE-2019-1348?

The affected software of CVE-2019-1348 includes Git versions before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6.

How can I fix CVE-2019-1348?

To fix CVE-2019-1348, update Git to version 2.24.1 or later.

Where can I find more information about CVE-2019-1348?

You can find more information about CVE-2019-1348 at the following references: [1] [2] [3].

What is the CWE ID of CVE-2019-1348?

The CWE ID of CVE-2019-1348 is 20.

Vulnerability/
CVE-2019-1348

low

3.6

CWE

31/10/2019

24/1/2020

4/8/2024

CVE-2019-1348: Input Validation

First published: Thu Oct 31 2019(Updated: )

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.

Credit: Pedro Sampaio secure@microsoft.com

Affected Software	Affected Version	How to fix
debian/git		1:2.20.1-2+deb10u3 1:2.20.1-2+deb10u8 1:2.30.2-1+deb11u2 1:2.39.2-1.1 1:2.42.0-1
Git-scm Git	>=2.14.0<2.14.6
Git-scm Git	>=2.15.0<2.15.4
Git-scm Git	>=2.16.0<2.16.6
Git-scm Git	>=2.17.0<2.17.3
Git-scm Git	>=2.18.0<2.18.2
Git-scm Git	>=2.19.0<2.19.3
Git-scm Git	>=2.20.0<2.20.2
Git-scm Git	>=2.21.0<2.21.1
Git-scm Git	>=2.22.0<2.22.2
Git-scm Git	>=2.23.0<2.23.1
Git-scm Git	>=2.24.0<2.24.1
openSUSE Leap	=15.1
redhat/git	<2.24.1	2.24.1
redhat/git	<2.23.1	2.23.1
redhat/git	<2.21.1	2.21.1
redhat/git	<2.20.2	2.20.2
redhat/git	<2.19.3	2.19.3
redhat/git	<2.18.2	2.18.2
redhat/git	<2.17.3	2.17.3
redhat/git	<2.16.6	2.16.6
redhat/git	<2.15.4	2.15.4
redhat/git	<2.14.6	2.14.6
Apple Xcode	<11.2	11.2

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

HT210729

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2019-1348?
The severity of CVE-2019-1348 is medium with a severity value of 3.3.
What is the affected software of CVE-2019-1348?
The affected software of CVE-2019-1348 includes Git versions before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6.
How can I fix CVE-2019-1348?
To fix CVE-2019-1348, update Git to version 2.24.1 or later.
Where can I find more information about CVE-2019-1348?
You can find more information about CVE-2019-1348 at the following references: [1] [2] [3].
What is the CWE ID of CVE-2019-1348?
The CWE ID of CVE-2019-1348 is 20.

collector/security-tracker-debian
collector/nvd-index
collector/apple-support
agent/type
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-1348
agent/software-canonical-lookup
agent/weakness
agent/severity
agent/author
agent/references
agent/tags
agent/description
agent/event
collector/mitre-cve
source/MITRE
package-manager/debian
vendor/git-scm
canonical/git-scm git
version/git-scm git/2.14.0
version/git-scm git/2.15.0
version/git-scm git/2.16.0
version/git-scm git/2.17.0
version/git-scm git/2.18.0
version/git-scm git/2.19.0
version/git-scm git/2.20.0
version/git-scm git/2.21.0
version/git-scm git/2.22.0
version/git-scm git/2.23.0
version/git-scm git/2.24.0
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.1
vendor/apple
canonical/apple xcode
package-manager/redhat