PT-2025-2919 · Git+5

Published 2025-01-14 · Updated 2026-03-29 · CVE-2024-52005

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Git (affected versions not specified)

Description

The issue concerns Git, a source code management tool. When cloning from a server, informational or error messages are transported from the remote Git process to the client via the "sideband channel". These messages are prefixed with "remote:" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts.

Recommendations

Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.
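
The weakness class here is output neutralization: bytes received from the remote must be rendered inert before they reach a terminal. The following is an added example, not Git's own code or its actual fix; the function name `sanitize_sideband` and the escaping policy (caret notation, only LF and TAB passed through) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (added example, not Git's code): copy one sideband
 * message into `out`, rewriting control bytes in caret notation so the
 * terminal displays them as text instead of interpreting them.
 * Assumed policy: only LF and TAB pass through; ESC, CR, BS, DEL and the
 * other C0 controls are escaped. Bytes >= 0x80 are left alone so UTF-8
 * text survives.
 * Returns bytes written (excluding the NUL), or (size_t)-1 if `out` is
 * too small.
 */
size_t sanitize_sideband(const char *in, size_t len, char *out, size_t cap)
{
    size_t o = 0;

    if (cap == 0)
        return (size_t)-1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        int is_ctrl = (c < 0x20 && c != '\n' && c != '\t') || c == 0x7f;
        size_t need = is_ctrl ? 2 : 1;

        if (o + need + 1 > cap)      /* keep room for the trailing NUL */
            return (size_t)-1;
        if (is_ctrl) {
            out[o++] = '^';
            out[o++] = (char)(c ^ 0x40);  /* ESC 0x1b -> '[', DEL -> '?' */
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: a server message that tries to erase the line. */
    const char msg[] = "Counting objects: done\x1b[2K\rspoofed status\n";
    char buf[128];

    if (sanitize_sideband(msg, sizeof(msg) - 1, buf, sizeof(buf)) != (size_t)-1)
        fprintf(stderr, "remote: %s", buf);
    return 0;
}
```

With this policy the erase-line sequence is printed as the visible text `^[[2K^M`, so the user sees that the remote sent control bytes instead of having the line silently rewritten.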

Exploit

Fix

Weakness Enumeration

Improper Encoding or Escaping of Output

Related Identifiers

ALSA-2025:7409
ALSA-2025:7482
ALSA-2025:8414
ALSA-2025_7409
ALSA-2025_8414
AZL-56370
AZL-56373
BDU:2025-02194
BIT-GIT-2024-52005
CESA-2025_8414
CVE-2024-52005
ECHO-C63D-3F15-6E1F
GHSA-7JJC-GG6M-3329
INFSA-2025_7409
INFSA-2025_8414
OESA-2025-1115
RHSA-2025:7409
RHSA-2025:7482
RHSA-2025:7640
RHSA-2025:7641
RHSA-2025:8414
RHSA-2025_7409
RHSA-2025_8414

Affected Products

Almalinux
Centos
Debian
Git
Red Hat
Rocky Linux