CVE-2019-1387 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | A security issue has been found in git before 2.24.1 where recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1075 | libgit2 | 1:0.28.3-1 | 1:0.28.4-1 | High | Fixed | |
| AVG-1073 | git | 2.24.0-1 | 2.24.1-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 18 Dec 2019 | ASA-201912-6 | AVG-1073 | git | High | arbitrary code execution |
| 18 Dec 2019 | ASA-201912-5 | AVG-1075 | libgit2 | High | arbitrary code execution |
| References |
|---|
https://github.com/git/git/commit/a8dee3ca610f5a1d403634492136c887f83b59d2 https://lkml.org/lkml/2019/12/10/905 |