CVE-2019-19604 log

Source
Severity Medium
Remote Yes
Type Arbitrary code execution
Description
A security issue has been found in git before 2.24.1, and it is now disallowed for `.gitmodules` to have entries that set `submodule.<name>.update=!command`. This fixes the vulnerability in Git v2.20.0 and later where a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that.
Group Package Affected Fixed Severity Status Ticket
AVG-1073 git 2.24.0-1 2.24.1-1 High Fixed
Date Advisory Group Package Severity Description
18 Dec 2019 ASA-201912-6 AVG-1073 git High arbitrary code execution
References
https://lkml.org/lkml/2019/12/10/905
https://github.com/git/git/commit/c1547450748fcbac21675f2681506d2d80351a19