CVE-2019-19604 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Arbitrary code execution
Description	A security issue has been found in git before 2.24.1, and it is now disallowed for `.gitmodules` to have entries that set `submodule.<name>.update=!command`. This fixes the vulnerability in Git v2.20.0 and later where a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1073	git	2.24.0-1	2.24.1-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
18 Dec 2019	ASA-201912-6	AVG-1073	git	High	arbitrary code execution

References
https://lkml.org/lkml/2019/12/10/905 https://github.com/git/git/commit/c1547450748fcbac21675f2681506d2d80351a19