Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | RedHat | git-0:2.47.3-1.el10_0 | * |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | git-0:1.8.3.1-25.el7_9.1 | * |
| Red Hat Enterprise Linux 8 | RedHat | git-0:2.43.7-1.el8_10 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | git-0:2.18.4-5.el8_2.1 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | git-0:2.27.0-5.el8_4.1 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | RedHat | git-0:2.27.0-5.el8_4.1 | * |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | git-0:2.31.8-3.el8_6.1 | * |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | git-0:2.31.8-3.el8_6.1 | * |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | git-0:2.31.8-3.el8_6.1 | * |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | git-0:2.39.5-1.el8_8.2 | * |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | git-0:2.39.5-1.el8_8.2 | * |
| Red Hat Enterprise Linux 9 | RedHat | git-0:2.47.3-1.el9_6 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | git-0:2.31.1-6.el9_0.1 | * |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | git-0:2.39.5-1.el9_2.2 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | git-0:2.43.5-1.el9_4.2 | * |
| RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.5-4.1753280805 | * |
| RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-businesscentral-rhel8:7.13.5-4.1753280812 | * |
| RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-controller-rhel8:7.13.5-4.1752676933 | * |
| RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-dashbuilder-rhel8:7.13.5-3.1752676926 | * |
| RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-kieserver-rhel8:7.13.5-4.1752676932 | * |
| RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-operator-bundle:7.13.5-27 | * |
| RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-process-migration-rhel8:7.13.5-4.1752676925 | * |
| RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-rhel8-operator:7.13.5-2.1752676931 | * |
| RHEL-8 based Middleware Containers | RedHat | rhpam-7/rhpam-smartrouter-rhel8:7.13.5-4.1752676930 | * |
| Git | Ubuntu | devel | * |
| Git | Ubuntu | esm-infra/bionic | * |
| Git | Ubuntu | esm-infra/focal | * |
| Git | Ubuntu | esm-infra/xenial | * |
| Git | Ubuntu | jammy | * |
| Git | Ubuntu | noble | * |
| Git | Ubuntu | oracular | * |
| Git | Ubuntu | plucky | * |
| Git | Ubuntu | upstream | * |