Overview
- Description
- Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
- Source
- security-advisories@github.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9
- Impact score
- 6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Social media
- Hype score
- Not currently trending
Critical vulnerability in Git. CVE-2024-32002: allows remote code execution (RCE) simply by cloning a repository.
@carlos_dagorret
Nov 3, 2024 12:04 PM
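https://t.co/yRnQgrlhjc While browsing around I came across CVE-2024-32002, an RCE vulnerability in git clone that allows code execution. It was disclosed 6 months ago, and yet I have hardly any memory of such a big hole. Affects git versions prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, 2.39.4. Temporary fix: `git config --global core.symlinks false`. Cloning at random is risky, so be careful, X friends. https://t.co/ZLNVAm8QHv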
@jokimina_
Nov 1, 2024 8:32 AM
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:git:git:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67C50136-86FF-4BCF-B21F-5F09947CF6AC", "versionEndExcluding": "2.39.4" }, { "criteria": "cpe:2.3:a:git:git:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28F0EBE5-AAB1-4BC8-B3CA-5F0B3D71642B", "versionEndExcluding": "2.40.2", "versionStartIncluding": "2.40.0" }, { "criteria": "cpe:2.3:a:git:git:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "790B191F-6DD7-4F0A-96BD-BAD5CF3F2081", "versionEndExcluding": "2.42.2", "versionStartIncluding": "2.42.0" }, { "criteria": "cpe:2.3:a:git:git:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14C6890A-11D9-46CD-AF1D-85FAF61A0AA8", "versionEndExcluding": "2.43.4", "versionStartIncluding": "2.43.0" }, { "criteria": "cpe:2.3:a:git:git:2.41.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09120A06-22E2-45A6-93B3-913DB7F52788" }, { "criteria": "cpe:2.3:a:git:git:2.44.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A641AB1F-0712-43F6-B7D6-E19D1D88D3C3" }, { "criteria": "cpe:2.3:a:git:git:2.45.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E742D5F-55D2-47D7-A3CC-C359A4555E7E" } ], "operator": "OR" } ] } ]
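An added example, not part of the advisory or of Git: a version check built from the fixed releases listed in the description and the ranges under Configurations, which also reports whether the `core.symlinks false` mitigation is in effect. The function names are illustrative, and the check goes by version number only, so a distribution build with a backported fix is still reported as vulnerable.

```python
import re
import subprocess

# First fixed release of each maintenance series, from the description above.
FIXED = {(2, 39): 4, (2, 40): 2, (2, 41): 1, (2, 42): 2,
         (2, 43): 4, (2, 44): 1, (2, 45): 1}
OLDEST, NEWEST = min(FIXED), max(FIXED)


def parse_version(text):
    """Pull (major, minor, patch) out of `git version` output or a bare version."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_vulnerable(text):
    """True if the version falls inside the affected ranges (number only)."""
    major, minor, patch = parse_version(text)
    series = (major, minor)
    if series < OLDEST:
        return True   # everything before 2.39.4 is affected
    if series > NEWEST:
        return False  # series newer than the ones the advisory lists
    return patch < FIXED[series]


def assess(version_text, symlinks_value):
    """symlinks_value: output of `git config --bool --get core.symlinks`,
    or None when the key is unset."""
    if not is_vulnerable(version_text):
        return "patched"
    if symlinks_value is not None and symlinks_value.strip() == "false":
        return "vulnerable, mitigated by core.symlinks=false"
    return "vulnerable"


def run_git(*args):
    """Run git and return its stdout, or None if it is missing or fails."""
    try:
        proc = subprocess.run(["git", *args], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return proc.stdout.strip() if proc.returncode == 0 else None


if __name__ == "__main__":
    version = run_git("version") or "0.0.0 (git not found)"
    print(version, "->", assess(version, run_git("config", "--bool", "--get", "core.symlinks")))
```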