CVE-2019-19604 log

Severity Medium
Remote Yes
Type Arbitrary code execution
A security issue has been found in git before 2.24.1, and it is now disallowed for `.gitmodules` to have entries that set `submodule.<name>.update=!command`. This fixes the vulnerability in Git v2.20.0 and later where a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that.
Group Package Affected Fixed Severity Status Ticket
AVG-1073 git 2.24.0-1 2.24.1-1 High Fixed
Date Advisory Group Package Severity Type
18 Dec 2019 ASA-201912-6 AVG-1073 git High arbitrary code execution