CVE-2019-1348

Public on 2019-12-09

Modified on 2020-03-23

Description

A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwrite arbitrary files, but would not have complete control on the content of the file.

Severity

Medium

See what this means

CVSS v3 Base Score

3.3

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	git	2019-12-09 22:06	ALAS-2019-1325
Amazon Linux 2 - Core	git	2019-12-13 19:06	ALAS2-2019-1371

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	3.3	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
NVD	CVSSv2	3.6	AV:L/AC:L/Au:N/C:N/I:P/A:P
NVD	CVSSv3	3.3	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

Red Hat: CVE-2019-1348 Mitre: CVE-2019-1348 FAQs regarding Amazon Linux ALAS/CVE Severity