CVE-2019-1387 log

Source
Severity Medium
Remote Yes
Type Arbitrary code execution
Description
A security issue has been found in git before 2.24.1 where recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.
Group Package Affected Fixed Severity Status Ticket
AVG-1075 libgit2 1:0.28.3-1 1:0.28.4-1 High Fixed
AVG-1073 git 2.24.0-1 2.24.1-1 High Fixed
Date Advisory Group Package Severity Description
18 Dec 2019 ASA-201912-6 AVG-1073 git High arbitrary code execution
18 Dec 2019 ASA-201912-5 AVG-1075 libgit2 High arbitrary code execution
References
https://github.com/git/git/commit/a8dee3ca610f5a1d403634492136c887f83b59d2
https://lkml.org/lkml/2019/12/10/905