Home

CVE-2021-40330

Description

git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.447

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-40330 are affected in Git (X64) 2.9.5Windows
Vulnerabilities CVE-2021-40330 are affected in Git 2.9.5Windows
SUSE-SU-2021:3484-1(SUSE Linux Enterprise Server 12-SP5 ) git-2.26.2-27.49.3.x86_64.rpmLinux
SUSE-SU-2021:3484-1(SUSE Linux Enterprise Server 12-SP5 ) git-core-2.26.2-27.49.3.x86_64.rpmLinux
SUSE-SU-2021:3484-1(SUSE Linux Enterprise Server 12-SP5 ) git-core-debuginfo-2.26.2-27.49.3.x86_64.rpmLinux
SUSE-SU-2021:3484-1(SUSE Linux Enterprise Server 12-SP5 ) git-cvs-2.26.2-27.49.3.x86_64.rpmLinux
SUSE-SU-2021:3484-1(SUSE Linux Enterprise Server 12-SP5 ) git-daemon-2.26.2-27.49.3.x86_64.rpmLinux
SUSE-SU-2021:3484-1(SUSE Linux Enterprise Server 12-SP5 ) git-daemon-debuginfo-2.26.2-27.49.3.x86_64.rpmLinux
SUSE-SU-2021:3484-1(SUSE Linux Enterprise Server 12-SP5 ) git-debugsource-2.26.2-27.49.3.x86_64.rpmLinux
SUSE-SU-2021:3484-1(SUSE Linux Enterprise Server 12-SP5 ) git-email-2.26.2-27.49.3.x86_64.rpmLinux
SUSE-SU-2021:3484-1(SUSE Linux Enterprise Server 12-SP5 ) git-gui-2.26.2-27.49.3.x86_64.rpmLinux
SUSE-SU-2021:3484-1(SUSE Linux Enterprise Server 12-SP5 ) git-svn-2.26.2-27.49.3.x86_64.rpmLinux
SUSE-SU-2021:3484-1(SUSE Linux Enterprise Server 12-SP5 ) git-web-2.26.2-27.49.3.x86_64.rpmLinux
SUSE-SU-2021:3484-1(SUSE Linux Enterprise Server 12-SP5 ) gitk-2.26.2-27.49.3.x86_64.rpmLinux
fast, scalable, distributed revision control system (USN-5076-1) git_2.17.1-1ubuntu0.9_i386.debLinux
fast, scalable, distributed revision control system (USN-5076-1) git_2.17.1-1ubuntu0.9_amd64.debLinux
fast, scalable, distributed revision control system (USN-5076-1) git_2.25.1-1ubuntu3.2_i386.debLinux
fast, scalable, distributed revision control system (USN-5076-1) git_2.25.1-1ubuntu3.2_amd64.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-342450Git (x64) (2.47.0.2)
PATCH-342449Git (2.47.0.2)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234