Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.
Weakness
Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Git | Git-scm | * | 2.39.4 (excluding) |
| Git | Git-scm | 2.40.0 (including) | 2.40.2 (excluding) |
| Git | Git-scm | 2.42.0 (including) | 2.42.2 (excluding) |
| Git | Git-scm | 2.43.0 (including) | 2.43.4 (excluding) |
| Git | Git-scm | 2.41.0 (including) | 2.41.0 (including) |
| Git | Git-scm | 2.44.0 (including) | 2.44.0 (including) |
| Git | Git-scm | 2.45.0 (including) | 2.45.0 (including) |
| Red Hat Enterprise Linux 8 | RedHat | git-0:2.43.5-1.el8_10 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | git-0:2.18.4-5.el8_2 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | git-0:2.27.0-5.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | git-0:2.27.0-5.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | git-0:2.27.0-5.el8_4 | * |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | git-0:2.31.8-3.el8_6 | * |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | git-0:2.31.8-3.el8_6 | * |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | git-0:2.31.8-3.el8_6 | * |
| Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | git-0:2.39.5-1.el8_8 | * |
| Red Hat Enterprise Linux 9 | RedHat | git-0:2.43.5-1.el9_4 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | git-0:2.31.1-6.el9_0 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | git-0:2.39.5-1.el9_2 | * |
| Git | Ubuntu | devel | * |
| Git | Ubuntu | esm-infra/bionic | * |
| Git | Ubuntu | esm-infra/focal | * |
| Git | Ubuntu | focal | * |
| Git | Ubuntu | jammy | * |
| Git | Ubuntu | mantic | * |
| Git | Ubuntu | noble | * |
| Git | Ubuntu | upstream | * |
Extended Description
Process control vulnerabilities of the first type occur when either data enters the application from an untrusted source and the data is used as part of a string representing a command that is executed by the application. By executing the command, the application gives an attacker a privilege or capability that the attacker would not otherwise have.
Potential Mitigations
Related Attack Patterns
References
- http://www.openwall.com/lists/oss-security/2024/05/14/2
- https://git-scm.com/docs/git-clone
- https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8
- https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389
- https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/
- http://www.openwall.com/lists/oss-security/2024/05/14/2
- https://git-scm.com/docs/git-clone
- https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8
- https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389
- https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html
- https://lists.debian.org/debian-lts-announce/2024/09/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/