CVE-2019-1387

Description

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.

Risk Information

Base Score: 8.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 2.358

Associated Vulnerability

Vulnerability | OS Platform
Update Git (2.24.1) addressing the security issues CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, CVE-2019-1387, and CVE-2019-19604 | Windows
Update Git (x64) (2.24.1) addressing the security issues CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, CVE-2019-1387, and CVE-2019-19604 | Windows
fast, scalable, distributed revision control system (USN-4220-1) git_2.7.4-0ubuntu1.7_i386.deb | Linux
fast, scalable, distributed revision control system (USN-4220-1) git_2.7.4-0ubuntu1.7_amd64.deb | Linux
fast, scalable, distributed revision control system (USN-4220-1) git_2.17.1-1ubuntu0.5_i386.deb | Linux
fast, scalable, distributed revision control system (USN-4220-1) git_2.17.1-1ubuntu0.5_amd64.deb | Linux
fast, scalable, distributed revision control system (USN-4220-1) git_2.20.1-2ubuntu1.19.04.1_i386.deb | Linux
fast, scalable, distributed revision control system (USN-4220-1) git_2.20.1-2ubuntu1.19.04.1_amd64.deb | Linux
fast, scalable, distributed revision control system (USN-4220-1) git_2.20.1-2ubuntu1.19.10.1_i386.deb | Linux
fast, scalable, distributed revision control system (USN-4220-1) git_2.20.1-2ubuntu1.19.10.1_amd64.deb | Linux
git security update (DSA-4581-1) git_2.11.0-3+deb9u5_i386.deb | Linux
git security update (DSA-4581-1) git_2.11.0-3+deb9u5_amd64.deb | Linux
git security update (DSA-4581-1) git_2.20.1-2+deb10u1_i386.deb | Linux
git security update (DSA-4581-1) git_2.20.1-2+deb10u1_amd64.deb | Linux
(RHSA-2020:0124) git security update emacs-git-1.8.3.1-21.el7_7.noarch.rpm | Linux
(RHSA-2020:0124) git security update emacs-git-el-1.8.3.1-21.el7_7.noarch.rpm | Linux
(RHSA-2020:0124) git security update git-1.8.3.1-21.el7_7.x86_64.rpm | Linux
(RHSA-2020:0124) git security update git-all-1.8.3.1-21.el7_7.noarch.rpm | Linux
(RHSA-2020:0124) git security update git-bzr-1.8.3.1-21.el7_7.noarch.rpm | Linux
(RHSA-2020:0124) git security update git-cvs-1.8.3.1-21.el7_7.noarch.rpm | Linux
(RHSA-2020:0124) git security update git-daemon-1.8.3.1-21.el7_7.x86_64.rpm | Linux
(RHSA-2020:0124) git security update git-email-1.8.3.1-21.el7_7.noarch.rpm | Linux
(RHSA-2020:0124) git security update git-gnome-keyring-1.8.3.1-21.el7_7.x86_64.rpm | Linux
(RHSA-2020:0124) git security update git-gui-1.8.3.1-21.el7_7.noarch.rpm | Linux
(RHSA-2020:0124) git security update git-hg-1.8.3.1-21.el7_7.noarch.rpm | Linux
(RHSA-2020:0124) git security update git-instaweb-1.8.3.1-21.el7_7.noarch.rpm | Linux
(RHSA-2020:0124) git security update git-p4-1.8.3.1-21.el7_7.noarch.rpm | Linux
(RHSA-2020:0124) git security update git-svn-1.8.3.1-21.el7_7.x86_64.rpm | Linux
(RHSA-2020:0124) git security update gitk-1.8.3.1-21.el7_7.noarch.rpm | Linux
(RHSA-2020:0124) git security update gitweb-1.8.3.1-21.el7_7.noarch.rpm | Linux
(RHSA-2020:0124) git security update perl-Git-1.8.3.1-21.el7_7.noarch.rpm | Linux
(RHSA-2020:0124) git security update perl-Git-SVN-1.8.3.1-21.el7_7.noarch.rpm | Linux

Patch Details

Patches provided by ManageEngine for this CVE:
Patch ID | Patch Description
PATCH-312484 | Git (2.25.0)
PATCH-319947 | Git (x64) (2.32.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234