CVE-2024-32004

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.
Configurations

No configuration.

History

21 Nov 2024, 09:14

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2024/05/14/2 - () http://www.openwall.com/lists/oss-security/2024/05/14/2 -
References () https://git-scm.com/docs/git-clone - () https://git-scm.com/docs/git-clone -
References () https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8 - () https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8 -
References () https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 - () https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 -
References () https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html - () https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/ -

26 Jun 2024, 10:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html -

10 Jun 2024, 19:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/05/14/2 -

10 Jun 2024, 18:15

Type Values Removed Values Added
Summary
  • (es) Git es un sistema de control de revisiones. Antes de las versiones 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2 y 2.39.4, un atacante puede preparar un repositorio local de tal manera que, cuando se clone, ejecute código arbitrario durante la operación. El problema se solucionó en las versiones 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2 y 2.39.4. Como workaround, evite clonar repositorios de fuentes que no sean de confianza.
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/ -

14 May 2024, 19:17

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-14 19:15

Updated : 2024-11-21 09:14


NVD link : CVE-2024-32004

Mitre link : CVE-2024-32004

CVE.ORG link : CVE-2024-32004


JSON object : View

Products Affected

No product.

CWE
CWE-114

Process Control