Vulnerability CVE-2019-1348: Information

Description

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.

Severity: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-1348
Published: Jan. 25, 2020
Modified: Nov. 7, 2023

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
gitsisyphus2.24.1-alt12.42.2-alt1ALT-PU-2019-3258-1242631Fixed
gitp102.24.1-alt12.33.8-alt1ALT-PU-2019-3258-1242631Fixed
gitp92.24.1-alt12.25.4-alt1ALT-PU-2019-3259-1242632Fixed
gitp82.24.1-alt12.24.1-alt1ALT-PU-2019-3276-1242633Fixed
gitc10f12.24.1-alt12.42.1-alt1ALT-PU-2019-3258-1242631Fixed
gitc9f22.24.1-alt12.42.1-alt1ALT-PU-2019-3259-1242632Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
openSUSE-SU-2020:0123
  • Third Party Advisory
RHSA-2020:0228
  • Third Party Advisory
https://support.apple.com/kb/HT210729
    GLSA-202003-30
      GLSA-202003-42
        openSUSE-SU-2020:0598
          https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u
            https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/

                1. Configuration 1

                  cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
                  Start including
                  2.14.0
                  End excliding
                  2.14.6
                  cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
                  Start including
                  2.15.0
                  End excliding
                  2.15.4
                  cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
                  Start including
                  2.16.0
                  End excliding
                  2.16.6
                  cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
                  Start including
                  2.17.0
                  End excliding
                  2.17.3
                  cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
                  Start including
                  2.18.0
                  End excliding
                  2.18.2
                  cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
                  Start including
                  2.19.0
                  End excliding
                  2.19.3
                  cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
                  Start including
                  2.20.0
                  End excliding
                  2.20.2
                  cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
                  Start including
                  2.21.0
                  End excliding
                  2.21.1
                  cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
                  Start including
                  2.22.0
                  End excliding
                  2.22.2
                  cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
                  Start including
                  2.23.0
                  End excliding
                  2.23.1
                  cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
                  Start including
                  2.24.0
                  End excliding
                  2.24.1

                  Configuration 2

                  cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
              VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
              Version: v24.5.1
              Back to top