CVE-2019-1387 log

Severity Medium
Remote Yes
Type Arbitrary code execution
A security issue has been found in git before 2.24.1 where recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.
Group Package Affected Fixed Severity Status Ticket
AVG-1075 libgit2 1:0.28.3-1 1:0.28.4-1 High Fixed
AVG-1073 git 2.24.0-1 2.24.1-1 High Fixed
Date Advisory Group Package Severity Type
18 Dec 2019 ASA-201912-6 AVG-1073 git High arbitrary code execution
18 Dec 2019 ASA-201912-5 AVG-1075 libgit2 High arbitrary code execution