First published: Tue Apr 21 2020
Carlo Arenas discovered that Git incorrectly handled certain URLs containing newlines, empty hosts, or lacking a scheme. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host.
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/git on Ubuntu 19.10 | <1:2.20.1-2ubuntu1.19.10.3 | 1:2.20.1-2ubuntu1.19.10.3 |
ubuntu/git on Ubuntu 18.04 | <1:2.17.1-1ubuntu0.7 | 1:2.17.1-1ubuntu0.7 |
ubuntu/git on Ubuntu 16.04 | <1:2.7.4-0ubuntu1.9 | 1:2.7.4-0ubuntu1.9 |
The vulnerability ID for this Git vulnerability is USN-4334-1.
This vulnerability could allow a remote attacker to trick Git into returning credential information for a wrong host.
The versions affected by this vulnerability are Git package versions earlier than 2.20.1-2ubuntu1.19.10.3 (Ubuntu 19.10), 2.17.1-1ubuntu0.7 (Ubuntu 18.04), and 2.7.4-0ubuntu1.9 (Ubuntu 16.04).
To fix this vulnerability, update Git to version 2.20.1-2ubuntu1.19.10.3, 2.17.1-1ubuntu0.7, or 2.7.4-0ubuntu1.9 depending on your Ubuntu version.
You can find more information about this vulnerability on the Ubuntu Security Notice USN-4334-1 page.