CVE-2021-40330
First published: Tue Aug 31 2021(Updated: )
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Git | <2.30.1 | |
| Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2021-40330.
What is the severity of CVE-2021-40330?
The severity of CVE-2021-40330 is high with a CVSS score of 7.5.
What is the affected software for CVE-2021-40330?
The affected software for CVE-2021-40330 is Git before version 2.30.1 and Debian Linux 10.0.
What is the impact of CVE-2021-40330?
CVE-2021-40330 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests.
How can I fix CVE-2021-40330?
To fix CVE-2021-40330, update Git to version 2.30.1 or apply the patch provided by the vendor.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/git-scm
- canonical/git
- vendor/debian
- canonical/debian linux
- version/debian linux/10.0