| CNNVD-ID编号 | CNNVD-201912-428 |
| CVE编号 | CVE-2019-19604 |
| 发布时间 | 2019-12-10 |
| 更新时间 | 2020-04-30 |
| 漏洞类型 | 输入验证错误 |
| 漏洞来源 | N/A |
| 危险等级 | 高危 |
| 威胁类型 | 本地 |
| 厂 商 | N/A |
Git是一套免费、开源的分布式版本控制系统。
Git中存在输入验证错误漏洞。远程攻击者可利用该漏洞在系统上执行任意命令。以下产品及版本受到影响:Git 2.20.2之前版本,2.21.1之前的2.21.x版本,2.22.2之前的2.22.x版本,2.23.1之前的2.23.x版本,2.24.1之前的2.24.x版本。
目前厂商已发布升级了Git 输入验证错误漏洞的补丁,Git 输入验证错误漏洞的补丁获取链接:
https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/
来源:CONFIRM
链接:https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.24.1.txt
来源:FEDORA
来源:MISC
链接:https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md
来源:portal.msrc.microsoft.com
链接:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1468
来源:FEDORA
来源:CONFIRM
链接:https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/
来源:DEBIAN
来源:MLIST
来源:www.suse.com
链接:https://www.suse.com/support/update/announcement/2020/suse-su-20200045-1.html
来源:www.suse.com
链接:https://www.suse.com/support/update/announcement/2019/suse-su-20193313-1.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156755/Gentoo-Linux-Security-Advisory-202003-30.html
来源:www.auscert.org.au
来源:access.redhat.com
来源:nvd.nist.gov
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/155626/Debian-Security-Advisory-4581-1.html
来源:pivotal.io
来源:www.auscert.org.au
来源:www.auscert.org.au
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Git-code-execution-via-Submodule-Update-31117
暂无