Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2019-1348

Public on 2019-12-09
Modified on 2020-03-23
Description

A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwrite arbitrary files, but would not have complete control on the content of the file.

Severity
Medium
See what this means
CVSS v3 Base Score
3.3
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 git 2019-12-09 22:06 ALAS-2019-1325
Amazon Linux 2 - Core git 2019-12-13 19:06 ALAS2-2019-1371

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
NVD CVSSv2 3.6 AV:L/AC:L/Au:N/C:N/I:P/A:P
NVD CVSSv3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N