HIGH 8.8
CVE-2019-1387
EN An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
2.2%
percentile 84.5%
Apps suivies affectées
Configurations CPE vulnérables
| Vendor | Produit | Plateforme | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| git-scm | git | Windows | ≥2.14.0 <2.14.6 | cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* |
| git-scm | git | Windows | ≥2.15.0 <2.15.4 | cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* |
| git-scm | git | Windows | ≥2.16.0 <2.16.6 | cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* |
| git-scm | git | Windows | ≥2.17.0 <2.17.3 | cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* |
| git-scm | git | Windows | ≥2.18.0 <2.18.2 | cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* |
| git-scm | git | Windows | ≥2.19.0 <2.19.3 | cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* |
| git-scm | git | Windows | ≥2.20.0 <2.20.2 | cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* |
| git-scm | git | Windows | ≥2.22.0 <2.22.2 | cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* |
| git-scm | git | Windows | — | cpe:2.3:a:git-scm:git:2.21.0:*:*:*:*:*:*:* |
| git-scm | git | Windows | — | cpe:2.3:a:git-scm:git:2.23.0:*:*:*:*:*:*:* |
| git-scm | git | Windows | — | cpe:2.3:a:git-scm:git:2.24.0:*:*:*:*:*:*:* |