Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2019-1387

UNKNOWN
Published 2019-12-18T20:11:53
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2019-1387. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Microsoft Corporation

Git

Affected Versions:

Before v2.24.1 Before v2.23.1 Before v2.22.2 Before v2.21.1 Before v2.20.2 Before v2.19.3 Before v2.18.2 Before v2.17.3 Before v2.16.6 Before v2.15.4 Before v2.14.6
git

git

Affected Versions:

0 0 0 0 0 0 0 0 0 0 0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-9mhc-h3vf-83fw

Advisory Details

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-1387
WEB https://access.redhat.com/errata/RHSA-2019:4356
WEB https://access.redhat.com/errata/RHSA-2020:0002
WEB https://access.redhat.com/errata/RHSA-2020:0124
WEB https://access.redhat.com/errata/RHSA-2020:0228
WEB https://lists.debian.org/debian-lts-announce/2020/01/msg00019.html
WEB https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6UGTEOXWIYSM5KDZL74QD2GK6YQNQCP
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/N6UGTEOXWIYSM5KDZL74QD2GK6YQNQCP
WEB https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u
WEB https://lore.kernel.org/git/[email protected]/T/#u
WEB https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com
WEB https://public-inbox.org/git/[email protected]
WEB https://security.gentoo.org/glsa/202003-30
WEB https://security.gentoo.org/glsa/202003-42
WEB http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
WEB http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: June 26, 2024

References

https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u
https://access.redhat.com/errata/RHSA-2019:4356
https://access.redhat.com/errata/RHSA-2020:0002
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6UGTEOXWIYSM5KDZL74QD2GK6YQNQCP/
https://access.redhat.com/errata/RHSA-2020:0124
https://lists.debian.org/debian-lts-announce/2020/01/msg00019.html
https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
https://access.redhat.com/errata/RHSA-2020:0228
https://security.gentoo.org/glsa/202003-30
https://security.gentoo.org/glsa/202003-42
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html
Published: 2019-12-18T20:11:53
Last Modified: 2024-08-04T18:13:30.492Z
Copied to clipboard!