PT-2019-5022 · Git+5

Nicolas Joly · Published 2019-12-10 · Updated 2025-11-04 · CVE-2019-1387

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Git versions prior to 2.24.1
Git versions prior to 2.23.1
Git versions prior to 2.22.2
Git versions prior to 2.21.1
Git versions prior to 2.20.2
Git versions prior to 2.19.3
Git versions prior to 2.18.2
Git versions prior to 2.17.3
Git versions prior to 2.16.6
Git versions prior to 2.15.4
Git versions prior to 2.14.6

Description

Git validates submodule names too laxly, which allows very targeted attacks that achieve remote code execution during recursive clones. This vulnerability may allow a remote attacker to gain unauthorized access to confidential data, cause a denial of service, and impact data integrity.

Recommendations

For versions prior to 2.24.1, update to version 2.24.1 or later.
For versions prior to 2.23.1, update to version 2.23.1 or later.
For versions prior to 2.22.2, update to version 2.22.2 or later.
For versions prior to 2.21.1, update to version 2.21.1 or later.
For versions prior to 2.20.2, update to version 2.20.2 or later.
For versions prior to 2.19.3, update to version 2.19.3 or later.
For versions prior to 2.18.2, update to version 2.18.2 or later.
For versions prior to 2.17.3, update to version 2.17.3 or later.
For versions prior to 2.16.6, update to version 2.16.6 or later.
For versions prior to 2.15.4, update to version 2.15.4 or later.
For versions prior to 2.14.6, update to version 2.14.6 or later.

Fix

RCE

Weakness Enumeration

Related identifiers

ALT-PU-2019-3258
ALT-PU-2019-3259
BDU:2020-01655
CESA-2019_4356
CESA-2020_0124
CVE-2019-1387
DLA-2059-1
DLA-3844-1
DLA-3867-1
DSA-4581-1
MGASA-2019-0391
MGASA-2019-0393
OPENSUSE-SU-2020:0123-1
OPENSUSE-SU-2020:0598-1
OPENSUSE-SU-2020_0123-1
OPENSUSE-SU-2020_0598-1
OPENSUSE-SU-2024:10786-1
OPENSUSE-SU-2024:10943-1
RHSA-2019:4356
RHSA-2019_4356
RHSA-2020:0002
RHSA-2020:0124
RHSA-2020:0228
RHSA-2020_0124
SUSE-SU-2019:3311-1
SUSE-SU-2020:0045-1
SUSE-SU-2020:1121-1
USN-4220-1

Affected products

Alt Linux
CentOS
Git
Red Hat
SUSE
Ubuntu