CVE-2019-1349

Public on 2019-12-09
Modified on 2020-03-23
Description
An improper input validation flaw was discovered in git in the way it handles git submodules. A remote attacker could abuse this flaw to trick a victim user into recursively cloning a malicious repository, which, under certain circumstances, could fool git into using the same git directory twice and potentially cause remote code execution.
Severity
Medium
CVSS v3 Base Score
7.5
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 git 2019-12-13 19:06 ALAS2-2019-1371
Amazon Linux 1 git 2019-12-09 22:06 ALAS-2019-1325

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD CVSSv2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C
NVD CVSSv3 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H