vulnerability
FreeBSD: VID-d2c6173f-e43b-11ed-a1d7-002590f2a714 (CVE-2023-25652): git -- Multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Apr 26, 2023 | Apr 27, 2023 | Dec 10, 2025 |
Description
The git developers report:

This update includes 2 security fixes:

- CVE-2023-25652: By feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch).
- CVE-2023-29007: A specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug that can be used to inject arbitrary configuration into a user's git config. This can result in arbitrary execution of code, by inserting values for core.pager, core.editor and so on.
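As an added example (not part of the advisory or of git's own code), the following defensive check flags `.gitmodules` entries whose submodule URL exceeds the 1024-character length named for CVE-2023-29007 above, so a repository can be reviewed before it is used on an unpatched host. The function name, the one-key-per-line layout it assumes, and the sample data are constructed for illustration.

```python
import re

URL_LIMIT = 1024  # length named in the advisory text for CVE-2023-29007

# Assumption: the common layout with one key per line and no line continuations.
SECTION_RE = re.compile(r'^\s*\[submodule\s+"(?P<name>(?:[^"\\]|\\.)*)"\]\s*$',
                        re.IGNORECASE)
URL_RE = re.compile(r'^\s*url\s*=\s*(?P<url>.*?)\s*$', re.IGNORECASE)


def find_long_submodule_urls(gitmodules_text, limit=URL_LIMIT):
    """Return (submodule, line_no, url_length) for each url value longer than limit."""
    findings = []
    current = None  # name of the submodule section being read, if any
    for line_no, line in enumerate(gitmodules_text.splitlines(), start=1):
        section = SECTION_RE.match(line)
        if section:
            current = section.group("name")
            continue
        if line.lstrip().startswith("["):
            current = None  # some other section, not a submodule
            continue
        url = URL_RE.match(line)
        if url and current is not None and len(url.group("url")) > limit:
            findings.append((current, line_no, len(url.group("url"))))
    return findings


# Constructed sample input: one ordinary submodule and one with an oversized URL.
SAMPLE = "\n".join([
    '[submodule "libs/ok"]',
    "\tpath = libs/ok",
    "\turl = https://example.com/ok.git",
    '[submodule "libs/suspect"]',
    "\tpath = libs/suspect",
    "\turl = https://example.com/" + "a" * 1100 + ".git",
])

if __name__ == "__main__":
    for name, line_no, length in find_long_submodule_urls(SAMPLE):
        print(f"submodule {name!r}: url on line {line_no} is {length} chars "
              f"(limit {URL_LIMIT})")
```

A finding is a prompt for manual review of the repository, not proof of exploitation; upgrading the package as listed under Solutions remains the fix.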
Solutions
- freebsd-upgrade-package-git
- freebsd-upgrade-package-git-lite
- freebsd-upgrade-package-git-tiny