一个git相关的cve:CVE-2024-32002

最近听说一个与自己相关的CVE, CVE-2024-32002

文章目录


前言

cve git windows hook submodule

利用submodule和hook,实现对.git目录注入hook的目标。

影响windows和mac os下的大部分git版本。


提示:以下是本篇文章正文内容,下面案例可供参考

Description

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via git config --global core.symlinks false), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

二、PATCH

https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d


总结

提示:windows下,应尽快换最新的git版本。

相关推荐
佛系菜狗4 小时前
【菜狗前端work-git】反合master代码的坑及如何解决避免+提交代码注意事项+git常用命令总结
git·gitlab
bpmf_fff6 小时前
十八(GIT)、GIT基本命令、axios别名方法、黑马就业数据平台(axios基地址、轻提示函数、注册及登录功能)
git
究极无敌暴龙战神X10 小时前
Git操作学习1
git·学习
白枫 White Maple10 小时前
将本地项目文件推送到Git仓库中
前端·git
SiYuanFeng14 小时前
【git reset】本地下载特定历史提交哈希值的github文件【未联网服务器】进行git reset操作
服务器·git·github·git reset
麦芽糖02191 天前
高级架构二 Git基础到高级
git·架构·github
徐浪老师1 天前
Git安装与配置全攻略:快速上手版本控制
git
Java林间1 天前
git commit-convention 提交格式
git