CVE-2019-1348

Name
CVE-2019-1348
Description
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.
NVD Severity
low

References

Type                  URI
Release Notes         https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u
Release Notes         https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/
Third Party Advisory  http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
Third Party Advisory  https://access.redhat.com/errata/RHSA-2020:0228
CONFIRM               https://support.apple.com/kb/HT210729
GENTOO                https://security.gentoo.org/glsa/202003-30
GENTOO                https://security.gentoo.org/glsa/202003-42
SUSE                  http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html

Match rules

CPE URI                                Source package  Min version  Max version
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*  git             >= 2.14.0    < 2.14.6
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*  git             >= 2.15.0    < 2.15.4
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*  git             >= 2.16.0    < 2.16.6
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*  git             >= 2.17.0    < 2.17.3
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*  git             >= 2.18.0    < 2.18.2
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*  git             >= 2.19.0    < 2.19.3
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*  git             >= 2.20.0    < 2.20.2
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*  git             >= 2.21.0    < 2.21.1
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*  git             >= 2.22.0    < 2.22.2
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*  git             >= 2.23.0    < 2.23.1
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*  git             >= 2.24.0    < 2.24.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status