Red Hat Security Advisory 2020-0316-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.
Sourcetree for macOS versions below 3.1.1 to 1.2 and Sourcetree for Windows versions below 3.0.17 to 0.5a suffer from code execution vulnerabilities related to the inclusion of git, a Mercurial hooks argument injection vulnerability, and a URI handling vulnerability.
This Metasploit module exploits CVE-2018-17456, which affects Git versions 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1, and 2.19.1 and lower. When a submodule URL that starts with a dash, e.g. "-u./payload", is passed as an argument to git clone, the file "payload" inside the repository is executed. This Metasploit module creates a fake git repository which contains a submodule containing the vulnerability. The vulnerability is triggered when the submodules are initialized.
Red Hat Security Advisory 2018-3541-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2018-3505-01 - Red Hat Ansible Tower 3.3.1 is now available and contains a large number of security fixes.
Red Hat Security Advisory 2018-3408-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.
This write-up provides a proof of concept with technical details for the git submodule arbitrary code execution vulnerability.
Ubuntu Security Notice 3791-1 - It was discovered that git did not properly validate git submodule URLs or paths. A remote attacker could possibly use this to craft a git repository that causes arbitrary code execution when recursive operations are used.
Updated releases address a security flaw that allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules.
Debian Linux Security Advisory 4311-1 - joernchen of Phenoelit discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability via a specially crafted .gitmodules file in a project cloned with --recurse-submodules.