What is the severity of CVE-2024-52005?

CVE-2024-52005 has been rated as a moderate severity vulnerability.

How do I fix CVE-2024-52005?

To mitigate CVE-2024-52005, users should upgrade to the latest version of Git that addresses this vulnerability.

What type of issue is CVE-2024-52005 related to?

CVE-2024-52005 involves an issue with message transportation via the sideband channel in Git.

Which versions of Git are affected by CVE-2024-52005?

CVE-2024-52005 primarily affects certain versions of Git, so it's important to check the release notes for your specific version.

Is CVE-2024-52005 exploitable in production environments?

Yes, CVE-2024-52005 can potentially be exploited in production environments if the mitigation is not applied.

Vulnerability/
CVE-2024-52005

high

7.5

CWE

116 150

15/1/2025

CVE-2024-52005: The sideband payload is passed unfiltered to the terminal in git

First published: Wed Jan 15 2025(Updated: )

Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Git

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-52005?
CVE-2024-52005 has been rated as a moderate severity vulnerability.
How do I fix CVE-2024-52005?
To mitigate CVE-2024-52005, users should upgrade to the latest version of Git that addresses this vulnerability.
What type of issue is CVE-2024-52005 related to?
CVE-2024-52005 involves an issue with message transportation via the sideband channel in Git.
Which versions of Git are affected by CVE-2024-52005?
CVE-2024-52005 primarily affects certain versions of Git, so it's important to check the release notes for your specific version.
Is CVE-2024-52005 exploitable in production environments?
Yes, CVE-2024-52005 can potentially be exploited in production environments if the mitigation is not applied.

agent/weakness
agent/title
agent/references
agent/first-publish-date
agent/type
agent/description
collector/nvd-api
source/NVD
agent/severity
agent/author
agent/event
agent/source
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/git
canonical/git

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.