git

Description: the fast distributed version control system
Version: 2.27.0-1 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1138 | 2.26.1-1 | 2.26.2-1 | High | Fixed | |
| AVG-1133 | 2.26.0-1 | 2.26.1-1 | High | Fixed | |
| AVG-1074 | 2.24.0-1 | 2.24.1-1 | High | Not affected | |
| AVG-1073 | 2.24.0-1 | 2.24.1-1 | High | Fixed | |
| AVG-776 | 2.19.0-1 | 2.19.1-1 | High | Fixed | |
| AVG-711 | 2.17.0-1 | 2.17.1-1 | Critical | Fixed | |
| AVG-377 | 2.14.0-1 | 2.14.1-1 | Critical | Fixed | |
| AVG-267 | 2.12.2-4 | 2.13.0-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-11008 | AVG-1138 | High | Yes | Information disclosure | A vulnerability has been found in git before 2.26.2. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper... |
| CVE-2020-5260 | AVG-1133 | High | Yes | Information disclosure | Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses... |
| CVE-2019-19604 | AVG-1073 | Medium | Yes | Arbitrary code execution | A security issue has been found in git before 2.24.1, and it is now disallowed for `.gitmodules` to have entries that set... |
| CVE-2019-1387 | AVG-1073 | Medium | Yes | Arbitrary code execution | A security issue has been found in git before 2.24.1 where recursive clones are currently affected by a vulnerability that is caused by too-lax validation... |
| CVE-2019-1354 | AVG-1074 | High | Yes | Arbitrary code execution | Filenames on Linux/Unix can contain backslashes. On Windows, backslashes are directory separators. Git did not use to refuse to write out tracked files with... |
| CVE-2019-1353 | AVG-1074 | Medium | Yes | Arbitrary code execution | When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS... |
| CVE-2019-1352 | AVG-1073 | Medium | Yes | Arbitrary code execution | A security issue has been found in git before 2.24.1 where it was unaware of NTFS Alternate Data Streams, allowing files inside the .git/ directory to be... |
| CVE-2019-1351 | AVG-1074 | Medium | Yes | Arbitrary code execution | While the only permitted drive letters for physical drives on Windows are letters of the US-English alphabet, this restriction does not apply to virtual... |
| CVE-2019-1350 | AVG-1074 | Medium | Yes | Arbitrary code execution | Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs. |
| CVE-2019-1349 | AVG-1073 | Medium | Yes | Arbitrary code execution | A security issue has been found in git before 2.24.1 when using submodule paths that refer to the same file system entity (e.g. using the NTFS Alternate... |
| CVE-2019-1348 | AVG-1073 | High | Yes | Arbitrary code execution | A security issue has been found in git before 2.24.1 where the --export-marks option of git fast-import is exposed also via the in-stream command feature... |
| CVE-2018-17456 | AVG-776 | High | Yes | Arbitrary code execution | A security issue has been found in git versions prior to 2.19.1, which allows an attacker to execute arbitrary code by crafting a malicious .gitmodules file... |
| CVE-2018-11235 | AVG-711 | Critical | Yes | Arbitrary code execution | A security issue has been found in git before 2.17.1. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that... |
| CVE-2018-11233 | AVG-711 | Medium | Yes | Information disclosure | A security issue has been found in git before 2.17.1, where the code that sanity-checks paths in is_ntfs_dotgit() could have been tricked into reading random... |
| CVE-2017-1000117 | AVG-377 | Critical | Yes | Arbitrary command execution | A security issue has been found in git < 2.14.1. A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to... |
| CVE-2017-8386 | AVG-267 | High | Yes | Access restriction bypass | A security issue has been found in git < 2.12.3, allowing a remote restricted user to execute an interactive pager on the server by causing it to spawn "git... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 22 Apr 2020 | ASA-202004-21 | AVG-1138 | High | information disclosure |
| 14 Apr 2020 | ASA-202004-13 | AVG-1133 | High | information disclosure |
| 18 Dec 2019 | ASA-201912-6 | AVG-1073 | High | arbitrary code execution |
| 09 Oct 2018 | ASA-201810-7 | AVG-776 | High | arbitrary code execution |
| 01 Jun 2018 | ASA-201806-1 | AVG-711 | Critical | multiple issues |
| 12 Aug 2017 | ASA-201708-6 | AVG-377 | Critical | arbitrary command execution |
| 12 May 2017 | ASA-201705-14 | AVG-267 | High | access restriction bypass |