Vulnerability CVE-2019-1354: Information

Description

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-1354

Published: Jan. 25, 2020

Modified: Nov. 7, 2023

Error type identifier: CWE-20

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
git	sisyphus	2.24.1-alt1	2.42.2-alt1	ALT-PU-2019-3258-1	242631	Fixed
git	p10	2.24.1-alt1	2.33.8-alt1	ALT-PU-2019-3258-1	242631	Fixed
git	p9	2.24.1-alt1	2.25.4-alt1	ALT-PU-2019-3259-1	242632	Fixed
git	p8	2.24.1-alt1	2.24.1-alt1	ALT-PU-2019-3276-1	242633	Fixed
git	c10f1	2.24.1-alt1	2.42.1-alt1	ALT-PU-2019-3258-1	242631	Fixed
git	c9f2	2.24.1-alt1	2.42.1-alt1	ALT-PU-2019-3259-1	242632	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354	Patch Vendor Advisory
openSUSE-SU-2020:0123
GLSA-202003-30
openSUSE-SU-2020:0598
https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/

Affected configurations:
1. Configuration 1
  cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
  Start including
  15.0
  End excliding
  15.9.18
  cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
  Start including
  16.0
  End excliding
  16.4.1

Version: v24.5.1

Vulnerability CVE-2019-1354: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1