PT-2023-1980 · Git+10

Joern Schneeweisz · Published 2023-02-14 · Updated 2024-06-15 · CVE-2023-23946

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the vulnerable software and affected versions

Git versions prior to 2.39.2
Git versions prior to 2.38.4
Git versions prior to 2.37.6
Git versions prior to 2.36.5
Git versions prior to 2.35.7
Git versions prior to 2.34.7
Git versions prior to 2.33.7
Git versions prior to 2.32.6
Git versions prior to 2.31.7
Git versions prior to 2.30.8

Description

The issue is a path traversal in Git, a revision control system. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply. This can allow a remote attacker to overwrite arbitrary files on the system.

Recommendations

For versions prior to 2.39.2, update to version 2.39.2 or later.
For versions prior to 2.38.4, update to version 2.38.4 or later.
For versions prior to 2.37.6, update to version 2.37.6 or later.
For versions prior to 2.36.5, update to version 2.36.5 or later.
For versions prior to 2.35.7, update to version 2.35.7 or later.
For versions prior to 2.34.7, update to version 2.34.7 or later.
For versions prior to 2.33.7, update to version 2.33.7 or later.
For versions prior to 2.32.6, update to version 2.32.6 or later.
For versions prior to 2.31.7, update to version 2.31.7 or later.
For versions prior to 2.30.8, update to version 2.30.8 or later.

As a temporary workaround, use git apply --stat to inspect a patch before applying it, and avoid applying one that creates a symbolic link and then creates a file beyond that symbolic link.
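The pattern the workaround asks you to look for can be checked mechanically before a patch is applied. The following is an added example, not code from the advisory or from the Git project: it splits a unified diff into per-file sections and reports any file written beneath a symbolic link that the same patch creates or retargets. The sample patch is constructed for the demonstration.

```python
import re
from typing import List, Tuple

# Constructed sample patch (not from the advisory): the first section creates a
# symlink "docs" pointing outside the tree, the second writes a file under "docs/".
SAMPLE_PATCH = """\
diff --git a/docs b/docs
new file mode 120000
--- /dev/null
+++ b/docs
@@ -0,0 +1 @@
+../outside
diff --git a/docs/note.txt b/docs/note.txt
new file mode 100644
--- /dev/null
+++ b/docs/note.txt
@@ -0,0 +1 @@
+hello
"""

DIFF_HEADER = re.compile(r"^diff --git a/(.+?) b/(.+)$")
# Git records mode 120000 for a symlink: as a new file, a mode change, or on the
# index line of a link whose target is being modified.
SYMLINK_MODE = re.compile(r"^(?:new file mode|new mode) 120000$"
                          r"|^index [0-9a-f]+\.\.[0-9a-f]+ 120000$")

def split_file_sections(patch: str) -> List[Tuple[str, List[str]]]:
    """Split a unified diff into (destination path, lines) per 'diff --git' block."""
    sections: List[Tuple[str, List[str]]] = []
    for line in patch.splitlines():
        header = DIFF_HEADER.match(line)
        if header:
            sections.append((header.group(2), []))
        elif sections:
            sections[-1][1].append(line)
    return sections

def find_symlink_traversal(patch: str) -> List[Tuple[str, str]]:
    """Return (symlink, path) pairs where the patch creates or retargets a symlink
    and a later section writes a path beneath it; an empty list means no finding."""
    symlinks: List[str] = []
    findings: List[Tuple[str, str]] = []
    for path, lines in split_file_sections(patch):
        if any(SYMLINK_MODE.match(ln) for ln in lines):
            symlinks.append(path.rstrip("/"))
            continue
        for link in symlinks:
            if path.startswith(link + "/"):
                findings.append((link, path))
    return findings
```

Because git apply --stat only prints a diffstat, pairing it with git apply --summary (which lists creations and mode changes, including symlinks) or a check like the one above makes the symlink-then-file pattern visible before anything is written.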

Exploit

Fix

Path traversal


Weakness enumeration

Related identifiers

ALSA-2023:3245
ALSA-2023:3246
ALT-PU-2023-1244
ALT-PU-2023-1291
ALT-PU-2023-4135
BDU:2023-01603
CESA-2023_3246
CVE-2023-23946
DLA-3338-1
DSA-5357-1
GHSA-R87M-V37R-CWFH
MGASA-2023-0066
OESA-2023-1120
OPENSUSE-SU-2023_0418-1
OPENSUSE-SU-2023_0430-1
OPENSUSE-SU-2024:12698-1
RHSA-2023:3245
RHSA-2023:3246
RHSA-2023_3245
RHSA-2023_3246
RHSA-2024:0407
RLSA-2023:3246
ROSA-SA-2024-2398
SUSE-SU-2023:0418-1
SUSE-SU-2023:0426-1
SUSE-SU-2023:0430-1
USN-5871-1

Affected products

Alt Linux
Almalinux
Astra Linux
Centos
Git
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu