Git version 2.15.1 and earlier contains an input validation error vulnerability in the client that can result in problems ranging from messing up the terminal configuration to RCE. The attack appears to be exploitable when the user interacts with a malicious git server (or has their traffic modified in a MITM attack).
Improper Input Validation
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
---|---|---|---|---|---|
debian/git | deb | debian | 12 | >=1:2.39.2-1.1 | Not yet available |
debian/git | deb | debian | 11 | >=1:2.30.2-1+deb11u2 | Not yet available |
debian/git | deb | debian | unstable | >=1:2.43.0-1 | Not yet available |
debian/git | deb | debian | 10 | >=1:2.20.1-2+deb10u3 | Not yet available |
debian/git | deb | debian | 13 | >=1:2.43.0-1 | Not yet available |
Severity and metrics
No CVSS data available from this source.