CVE-2024-52005

EUVD-2024-46250
Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
gitgit
𝑥
≤ 2.40.4
gitgit
2.41.0 ≤
𝑥
≤ 2.41.3
gitgit
2.42.0 ≤
𝑥
≤ 2.42.4
gitgit
2.43.0 ≤
𝑥
≤ 2.43.6
gitgit
2.44.0 ≤
𝑥
≤ 2.44.3
gitgit
2.45.0 ≤
𝑥
≤ 2.45.3
gitgit
2.46.0 ≤
𝑥
≤ 2.46.3
gitgit
2.47.0 ≤
𝑥
≤ 2.47.1
gitgit
2.48.0 ≤
𝑥
≤ 2.48.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
git
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
forky
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
git
bionic
deferred
focal
deferred
jammy
deferred
noble
deferred
oracular
ignored
plucky
deferred
questing
deferred
xenial
deferred
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
git
RHEL 8
0:2.43.5-3.el8_10
fixed
RHEL 9
0:2.47.1-2.el9_6
fixed
git-all
RHEL 8
0:2.43.5-3.el8_10
fixed
RHEL 9
0:2.47.1-2.el9_6
fixed
git-core
RHEL 8
0:2.43.5-3.el8_10
fixed
RHEL 9
0:2.47.1-2.el9_6
fixed
git-core-doc
RHEL 8
0:2.43.5-3.el8_10
fixed
RHEL 9
0:2.47.1-2.el9_6
fixed
git-credential-libsecret
RHEL 8
0:2.43.5-3.el8_10
fixed
RHEL 9
0:2.47.1-2.el9_6
fixed
git-daemon
RHEL 8
0:2.43.5-3.el8_10
fixed
RHEL 9
0:2.47.1-2.el9_6
fixed
git-email
RHEL 8
0:2.43.5-3.el8_10
fixed
RHEL 9
0:2.47.1-2.el9_6
fixed
git-gui
RHEL 8
0:2.43.5-3.el8_10
fixed
RHEL 9
0:2.47.1-2.el9_6
fixed
git-instaweb
RHEL 8
0:2.43.5-3.el8_10
fixed
RHEL 9
0:2.47.1-2.el9_6
fixed
git-subtree
RHEL 8
0:2.43.5-3.el8_10
fixed
RHEL 9
0:2.47.1-2.el9_6
fixed
git-svn
RHEL 8
0:2.43.5-3.el8_10
fixed
RHEL 9
0:2.47.1-2.el9_6
fixed
gitk
RHEL 8
0:2.43.5-3.el8_10
fixed
RHEL 9
0:2.47.1-2.el9_6
fixed
gitweb
RHEL 8
0:2.43.5-3.el8_10
fixed
RHEL 9
0:2.47.1-2.el9_6
fixed
perl-Git
RHEL 8
0:2.43.5-3.el8_10
fixed
RHEL 9
0:2.47.1-2.el9_6
fixed
perl-Git-SVN
RHEL 8
0:2.43.5-3.el8_10
fixed
RHEL 9
0:2.47.1-2.el9_6
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
git
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
git-all
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
git-core
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
git-core-debuginfo
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
git-core-doc
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
git-credential-libsecret
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
git-credential-libsecret-debuginfo
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
git-cvs
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
git-daemon
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
git-daemon-debuginfo
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
git-debuginfo
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
git-debugsource
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
git-email
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
git-gui
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
git-instaweb
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
git-p4
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
git-subtree
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
git-svn
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
gitk
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
gitweb
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
perl-Git
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed
perl-Git-SVN
Amazon Linux 2
0:2.47.1-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.47.1-1.amzn2023.0.3
fixed