CVE-2019-1350

CVE-2019-1350

Name

CVE-2019-1350

Description

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350
MISC	https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/
SUSE	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
GENTOO	https://security.gentoo.org/glsa/202003-30
GENTOO	https://security.gentoo.org/glsa/202003-42
SUSE	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html

Type

URI

Patch

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350

MISC

https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/

SUSE

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html

GENTOO

https://security.gentoo.org/glsa/202003-30

GENTOO

https://security.gentoo.org/glsa/202003-42

SUSE

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:microsoft:visual_studio_2017::::::::`	visual_studio_2017	>= 15.0	< 15.9.18
`cpe:2.3:a:microsoft:visual_studio_2019::::::::`	visual_studio_2019	>= 16.0	< 16.4.1

CPE URI

Source package

Min version

Max version

cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*

visual_studio_2017

>= 15.0

< 15.9.18

cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*

visual_studio_2019

>= 16.0

< 16.4.1

References

Match rules

Vulnerable and fixed packages