vulnerability
Oracle Linux: CVE-2019-1349: ELSA-2019-4356: git security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:H/Au:N/C:C/I:C/A:C) | 12/10/2019 | 10/05/2022 | 11/30/2024 |
Severity
8
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published
12/10/2019
Added
10/05/2022
Modified
11/30/2024
Description
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
An improper input validation flaw was discovered in git in the way it handles git submodules. A remote attacker could abuse this flaw to trick a victim user into recursively cloning a malicious repository, which, under certain circumstances, could fool git into using the same git directory twice and potentially cause remote code execution.
An improper input validation flaw was discovered in git in the way it handles git submodules. A remote attacker could abuse this flaw to trick a victim user into recursively cloning a malicious repository, which, under certain circumstances, could fool git into using the same git directory twice and potentially cause remote code execution.
Solution(s)
oracle-linux-upgrade-gitoracle-linux-upgrade-git-alloracle-linux-upgrade-git-coreoracle-linux-upgrade-git-core-docoracle-linux-upgrade-git-daemonoracle-linux-upgrade-git-emailoracle-linux-upgrade-git-guioracle-linux-upgrade-git-instaweboracle-linux-upgrade-gitkoracle-linux-upgrade-git-subtreeoracle-linux-upgrade-git-svnoracle-linux-upgrade-gitweboracle-linux-upgrade-perl-gitoracle-linux-upgrade-perl-git-svn
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.