CVE-2019-1387 - log back

CVE-2019-1387 edited at 11 Dec 2019 08:53:10
Description
- A security issue has been found in git before 2.41.1 where recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.
+ A security issue has been found in git before 2.24.1 where recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.
CVE-2019-1387 edited at 10 Dec 2019 21:53:48
Description
- Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.
+ A security issue has been found in git before 2.41.1 where recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.
CVE-2019-1387 edited at 10 Dec 2019 21:51:05
Severity
- Low
+ Medium
CVE-2019-1387 edited at 10 Dec 2019 21:46:21
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.
References
+ https://github.com/git/git/commit/a8dee3ca610f5a1d403634492136c887f83b59d2
+ https://lkml.org/lkml/2019/12/10/905
Notes
CVE-2019-1387 created at 10 Dec 2019 21:09:06