CVE-2019-1387

Summary

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.

Affected Software

VendorProductVersion RangeStatus
Microsoft CorporationGitBefore v2.24.1affected
Microsoft CorporationGitBefore v2.23.1affected
Microsoft CorporationGitBefore v2.22.2affected
Microsoft CorporationGitBefore v2.21.1affected
Microsoft CorporationGitBefore v2.20.2affected
Microsoft CorporationGitBefore v2.19.3affected
Microsoft CorporationGitBefore v2.18.2affected
Microsoft CorporationGitBefore v2.17.3affected
Microsoft CorporationGitBefore v2.16.6affected
Microsoft CorporationGitBefore v2.15.4affected
Microsoft CorporationGitBefore v2.14.6affected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References