CVE-2019-1353
First published: Fri Jan 24 2020(Updated: )
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/git | 1:2.20.1-2+deb10u3 1:2.20.1-2+deb10u8 1:2.30.2-1+deb11u2 1:2.39.2-1.1 1:2.42.0-1 | |
| Git-scm Git | >=2.14.0<2.14.6 | |
| Git-scm Git | >=2.15.0<2.15.4 | |
| Git-scm Git | >=2.16.0<2.16.6 | |
| Git-scm Git | >=2.17.0<2.17.3 | |
| Git-scm Git | >=2.18.0<2.18.2 | |
| Git-scm Git | >=2.19.0<2.19.3 | |
| Git-scm Git | >=2.20.0<2.20.2 | |
| Git-scm Git | >=2.21.0<2.21.1 | |
| Git-scm Git | >=2.22.0<2.22.2 | |
| Git-scm Git | >=2.23.0<2.23.1 | |
| Git-scm Git | >=2.24.0<2.24.1 | |
| openSUSE Leap | =15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/pub/scm/git/git.git/commit/?id=9102f958ee5254b10c0be72672aa3305bf4f4704
- https://www.openwall.com/lists/oss-security/2019/12/13/1
- https://security-tracker.debian.org/tracker/CVE-2019-1353
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html
- https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u
- https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/
- https://security.gentoo.org/glsa/202003-30
- https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u
- https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/
Frequently Asked Questions
What is CVE-2019-1353?
CVE-2019-1353 is a vulnerability found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6.
What is the severity of CVE-2019-1353?
CVE-2019-1353 has a severity rating of critical with a CVSS score of 9.8.
How does CVE-2019-1353 impact Git on Windows Subsystem for Linux (WSL)?
CVE-2019-1353 affects Git running on WSL while accessing a working directory on a regular Windows drive, bypassing NTFS protections.
How can I fix CVE-2019-1353?
To fix CVE-2019-1353, update Git to version v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, or v2.14.6.
Where can I find more information about CVE-2019-1353?
You can find more information about CVE-2019-1353 on the official Git website and the Debian security tracker.
- collector/security-tracker-debian
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/git-scm
- canonical/git-scm git
- version/git-scm git/2.14.0
- version/git-scm git/2.15.0
- version/git-scm git/2.16.0
- version/git-scm git/2.17.0
- version/git-scm git/2.18.0
- version/git-scm git/2.19.0
- version/git-scm git/2.20.0
- version/git-scm git/2.21.0
- version/git-scm git/2.22.0
- version/git-scm git/2.23.0
- version/git-scm git/2.24.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1