Latest git-scm git Vulnerabilities

Arbitrary configuration injection via `git submodule deinit`
Microsoft Visual Studio 2017 (includes 15.0 - 15.8)=15.9
redhat/git<0:1.8.3.1-25.el7_9
redhat/git<0:2.39.3-1.el8_8
redhat/git<0:2.18.4-3.el8_1
redhat/git<0:2.18.4-4.el8_2
redhat/git<0:2.27.0-4.el8_4
and 23 more
"git apply --reject" partially-controlled arbitrary file write
redhat/git<0:1.8.3.1-25.el7_9
redhat/git<0:2.39.3-1.el8_8
redhat/git<0:2.18.4-3.el8_1
redhat/git<0:2.18.4-4.el8_2
redhat/git<0:2.27.0-4.el8_4
redhat/git<0:2.31.1-4.el8_6
and 35 more
Git vulnerable to local clone-based data exfiltration with non-local transports
redhat/git<0:2.39.3-1.el8_8
redhat/git<0:2.39.3-1.el9_2
<2.30.8
>=2.31.0<2.31.7
>=2.32.0<2.32.6
>=2.33.0<2.33.7
and 16 more
Git's `git apply` overwriting paths outside the working tree
redhat/git<0:2.39.3-1.el8_8
redhat/git<0:2.39.3-1.el9_2
<2.30.8
>=2.31.0<2.31.7
>=2.32.0<2.32.6
>=2.33.0<2.33.7
and 21 more
Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositor...
Git-scm Git<2.39.1
Microsoft Windows
gitattributes parsing integer overflow in git
redhat/git<0:1.8.3.1-24.el7_9
redhat/git<0:2.31.1-3.el8_7
redhat/git<0:2.18.4-2.el8_1
redhat/git<0:2.18.4-3.el8_2
redhat/git<0:2.27.0-3.el8_4
redhat/git<0:2.31.1-3.el8_6
and 23 more
Integer overflow in `git archive`, `git log --format` leading to RCE in git
redhat/git<0:1.8.3.1-24.el7_9
redhat/git<0:2.31.1-3.el8_7
redhat/git<0:2.18.4-2.el8_1
redhat/git<0:2.18.4-3.el8_2
redhat/git<0:2.27.0-3.el8_4
redhat/git<0:2.31.1-3.el8_6
and 23 more
Git subject to exposure of sensitive information via local clone of symbolic links
redhat/git<0:2.39.1-1.el8
redhat/git<0:2.39.1-1.el9
<2.30.6
>=2.31.0<2.31.5
>=2.32.0<2.32.4
>=2.33.0<2.33.5
and 33 more
Git vulnerable to Remote Code Execution via Heap overflow in `git shell`
redhat/git<0:2.39.1-1.el8
redhat/git<0:2.39.1-1.el9
<2.30.6
>=2.31.0<2.31.5
>=2.32.0<2.32.4
>=2.33.0<2.33.5
and 33 more
Bypass of safe.directory protections in Git
redhat/git<0:2.39.1-1.el8
redhat/git<0:2.39.1-1.el9
>=2.30.3<2.30.5
>=2.31.2<2.31.4
>=2.32.1<2.32.3
>=2.33.2<2.33.4
and 29 more
Uncontrolled search for the Git directory in Git for Windows
redhat/git<2.30.3
redhat/git<2.31.2
redhat/git<2.32.1
redhat/git<2.33.2
redhat/git<2.34.2
redhat/git<2.35.2
and 20 more
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing ...
Git-scm Git<=2.35.1
<=2.35.1
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhos...
Git-scm Git<2.30.1
Debian Debian Linux=10.0
Git. This issue was addressed with improved checks.
Apple Xcode<12.5
Git-scm Git<=2.14.2
Git-scm Git>=2.17.0<2.17.6
Git-scm Git>=2.18.0<2.18.5
Git-scm Git>=2.19.0<2.19.6
Git-scm Git>=2.20.0<2.20.5
and 15 more
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260 (GHSA-qm7j-c969-7j4q)...
ubuntu/git<1:2.17.1-1ubuntu0.7
ubuntu/git<1:2.20.1-2ubuntu1.19.10.3
ubuntu/git<1:2.7.4-0ubuntu1.9
<2.17.5
>=2.18.0<2.18.4
>=2.19.0<2.19.5
and 29 more
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store a...
ubuntu/git<1:2.17.1-1ubuntu0.6
ubuntu/git<1:2.20.1-2ubuntu1.19.10.2
ubuntu/git<1:2.7.4-0ubuntu1.8
<2.17.4
>=2.22.0<2.22.3
>=2.18.0<2.18.3
and 39 more
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; m...
Git-scm Git<1.8.5.6
Git-scm Git>=1.9.0<1.9.5
Git-scm Git>=2.0.0<2.0.5
Git-scm Git>=2.1.0<2.1.4
Git-scm Git>=2.2.0<2.2.1
Apple Mac OS X
and 9 more
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known ...
debian/git
Git-scm Git>=2.14.0<2.14.6
Git-scm Git>=2.15.0<2.15.4
Git-scm Git>=2.16.0<2.16.6
Git-scm Git>=2.17.0<2.17.3
Git-scm Git>=2.18.0<2.18.2
and 7 more
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can ...
Git-scm Git<2.20.0
Git-scm Git>=2.21.0<2.21.1
Git-scm Git>=2.22.0<2.22.2
Git-scm Git>=2.23.0<2.23.1
Git-scm Git>=2.24.0<2.24.1
Debian Debian Linux=9.0
and 5 more
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that ...
Git-scm Git>=2.14.0<2.14.6
Git-scm Git>=2.15.0<2.15.4
Git-scm Git>=2.16.0<2.16.6
Git-scm Git>=2.17.0<2.17.3
Git-scm Git>=2.18.0<2.18.2
Git-scm Git>=2.19.0<2.19.3
and 16 more
Git. An input validation issue was addressed.
debian/git
Git-scm Git>=2.14.0<2.14.6
Git-scm Git>=2.15.0<2.15.4
Git-scm Git>=2.16.0<2.16.6
Git-scm Git>=2.17.0<2.17.3
Git-scm Git>=2.18.0<2.18.2
and 18 more
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, becaus...
redhat/git<2.19.2
Git-scm Git<2.19.2
Linux Linux kernel
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=18.10
ubuntu/git<1:2.19.2-1
and 5 more
A flaw was found in git which allows an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules. References: https://bugzil...
>=2.14.0<2.14.5
>=2.15.0<2.15.3
>=2.16.0<2.16.5
>=2.17.0<2.17.2
>=2.18.0<2.18.1
>=2.19.0<2.19.1
and 53 more
Git before versions 2.13.7, 2.14.4, 2.15.2, 2.16.4 and 2.17.1 performs path sanity-checks in is_ntfs_dotgit():path.c that can be fooled into reading arbitrary memory. Upstream announcement: ...
ubuntu/git<1:2.17.1-1
ubuntu/git<1:2.7.4-0ubuntu1.4
ubuntu/git<1:2.14.1-1ubuntu4.1
ubuntu/git<1:2.17.1-1ubuntu0.1
ubuntu/git<1:1.9.1-1ubuntu0.8
redhat/git<2.13.7
and 23 more
A flaw was found in git which allows arbitrary code to be executed when running `git clone --recurse-submodules` (or the deprecated `git clone --recursive` synonym). A malicious repository can includ...
redhat/git<2.13.7
redhat/git<2.14.4
redhat/git<2.15.2
redhat/git<2.16.4
redhat/git<2.17.1
ubuntu/git<1:2.17.1-1
and 39 more
