一个git相关的cve:CVE-2024-32002

最近听说一个与自己相关的CVE, CVE-2024-32002

文章目录


前言

cve git windows hook submodule

利用submodule和hook,实现对.git目录注入hook的目标。

影响windows和mac os下的大部分git版本。


提示:以下是本篇文章正文内容,下面案例可供参考

Description

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via git config --global core.symlinks false), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

二、PATCH

https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d


总结

提示:windows下,应尽快换最新的git版本。

相关推荐
NewBee_Lxx几秒前
gitmakegdb
git
丶213614 小时前
【Git】Git 远程仓库命令详解
git
InnovatorX14 小时前
Git 操作
大数据·git·elasticsearch
云间行者2 天前
Git使用全解析:10分钟精通版本控制!
git
Roc-xb2 天前
bash: git: command not found
windows·git
焦糖酒2 天前
Git通讲-第二章(1):快照和不可变对象模型
git
别下那么会看场合的雨啊2 天前
git记录(一部分一部分加)
git
iTarget2 天前
使用ssh-key免密登录服务器或免密连接git代码仓库网站
运维·git·ssh
花开莫与流年错_3 天前
GitLab代码仓管理安装配置使用
运维·服务器·git·gitlab·配置·代码仓