CVE-2019-19604 - log

CVE-2019-19604 edited at 11 Dec 2019 08:53:02
Description
- A security issue has been found in git before 2.41.1, and it is now disallowed for `.gitmodules` to have entries that set `submodule.<name>.update=!command`. This fixes the vulnerability in Git v2.20.0 and later where a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that.
+ A security issue has been found in git before 2.24.1, and it is now disallowed for `.gitmodules` to have entries that set `submodule.<name>.update=!command`. This fixes the vulnerability in Git v2.20.0 and later where a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that.
CVE-2019-19604 edited at 10 Dec 2019 21:53:28
Description
- It is now disallowed for `.gitmodules` to have entries that set `submodule.<name>.update=!command`. This fixes the vulnerability in Git v2.20.0 and later where a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that.
+ A security issue has been found in git before 2.41.1, and it is now disallowed for `.gitmodules` to have entries that set `submodule.<name>.update=!command`. This fixes the vulnerability in Git v2.20.0 and later where a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that.
CVE-2019-19604 edited at 10 Dec 2019 21:41:12
References
https://lkml.org/lkml/2019/12/10/905
+ https://github.com/git/git/commit/c1547450748fcbac21675f2681506d2d80351a19
CVE-2019-19604 edited at 10 Dec 2019 21:38:13
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ It is now disallowed for `.gitmodules` to have entries that set `submodule.<name>.update=!command`. This fixes the vulnerability in Git v2.20.0 and later where a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that.
References
+ https://lkml.org/lkml/2019/12/10/905
CVE-2019-19604 created at 10 Dec 2019 21:12:02
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes