Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:git-scm:git:1.5.3:rc4
There are 16 matching records.
Displaying matches 1 through 16.
Vuln ID Summary CVSS Severity

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5,

Published: March 09, 2021; 3:15:13 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.1 MEDIUM

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's "store" helper - Git's "cache" helper - the "osxkeychain" helper that ships in Git's "contrib" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.

Published: April 21, 2020; 3:15:13 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

Git before, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.

Published: February 11, 2020; 9:15:10 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.

Published: December 10, 2019; 7:15:13 PM -0500
V3.1: 7.8 HIGH
V2.0: 9.3 HIGH

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.

Published: November 23, 2018; 3:29:00 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.

Published: May 30, 2018; 12:29:00 AM -0400
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

Published: May 30, 2018; 12:29:00 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

Published: February 09, 2018; 6:29:00 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM

Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.

Published: October 14, 2017; 6:29:00 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.

Published: October 04, 2017; 9:29:04 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.

Published: September 28, 2017; 9:34:50 PM -0400
V3.0: 8.8 HIGH
V2.0: 9.0 HIGH

contrib/completion/ in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.

Published: March 19, 2017; 8:59:00 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

Published: April 08, 2016; 10:59:02 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH

The imap-send command in GIT before does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Published: March 08, 2013; 4:55:03 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM

Cross-site scripting (XSS) vulnerability in Gitweb and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.

Published: December 17, 2010; 2:00:20 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM

Stack-based buffer overflow in the is_git_directory function in setup.c in Git before allows local users to gain privileges via a long gitdir: field in a .git file in a working copy.

Published: August 11, 2010; 2:47:50 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH