Vulnerability CVE-2019-1351: Information

Description

A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-1351
Published: Jan. 25, 2020
Modified: Nov. 7, 2023
Error type identifier: CWE-706

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
gitsisyphus2.24.1-alt12.42.2-alt1ALT-PU-2019-3258-1242631Fixed
gitp102.24.1-alt12.33.8-alt1ALT-PU-2019-3258-1242631Fixed
gitp92.24.1-alt12.25.4-alt1ALT-PU-2019-3259-1242632Fixed
gitp82.24.1-alt12.24.1-alt1ALT-PU-2019-3276-1242633Fixed
gitc10f12.24.1-alt12.42.1-alt1ALT-PU-2019-3258-1242631Fixed
gitc9f22.24.1-alt12.42.1-alt1ALT-PU-2019-3259-1242632Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351
  • Patch
  • Vendor Advisory
openSUSE-SU-2020:0123
  • Third Party Advisory
GLSA-202003-30
    openSUSE-SU-2020:0598
      https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/

          1. Configuration 1

            cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
            Start including
            15.0
            End excliding
            15.9.18
            cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
            Start including
            16.0
            End excliding
            16.4.1

            Configuration 2

            cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
        Version: v24.5.1
        Back to top