CVE Vulnerabilities

CVE-2019-1387

Published: Dec 18, 2019 | Modified: Jun 26, 2024
CVSS 3.x: 8.8 HIGH (Source: NVD), CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x: 6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2: (none listed)
RedHat/V3: 7.5 IMPORTANT, CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Ubuntu: LOW

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.

Affected Software

Name | Vendor | Start Version | End Version
Git | Git-scm | 2.14.0 (including) | 2.14.6 (excluding)
Git | Git-scm | 2.15.0 (including) | 2.15.4 (excluding)
Git | Git-scm | 2.16.0 (including) | 2.16.6 (excluding)
Git | Git-scm | 2.17.0 (including) | 2.17.3 (excluding)
Git | Git-scm | 2.18.0 (including) | 2.18.2 (excluding)
Git | Git-scm | 2.19.0 (including) | 2.19.3 (excluding)
Git | Git-scm | 2.20.0 (including) | 2.20.2 (excluding)
Git | Git-scm | 2.22.0 (including) | 2.22.2 (excluding)
Git | Git-scm | 2.21.0 (including) | 2.21.0 (including)
Git | Git-scm | 2.23.0 (including) | 2.23.0 (including)
Git | Git-scm | 2.24.0 (including) | 2.24.0 (including)
Red Hat Enterprise Linux 7 | RedHat | git-0:1.8.3.1-21.el7_7 | *
Red Hat Enterprise Linux 8 | RedHat | git-0:2.18.2-1.el8_1 | *
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | RedHat | git-0:2.18.2-1.el8_0 | *
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-git218-git-0:2.18.2-1.el7 | *
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | rh-git218-git-0:2.18.2-1.el7 | *
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-git218-git-0:2.18.2-1.el7 | *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-git218-git-0:2.18.2-1.el7 | *
Git | Ubuntu | bionic | *
Git | Ubuntu | devel | *
Git | Ubuntu | disco | *
Git | Ubuntu | eoan | *
Git | Ubuntu | trusty | *
Git | Ubuntu | upstream | *
Git | Ubuntu | xenial | *

References