一个git相关的cve:CVE-2024-32002

最近听说一个与自己相关的CVE, CVE-2024-32002

文章目录


前言

cve git windows hook submodule

利用submodule和hook,实现对.git目录注入hook的目标。

影响windows和mac os下的大部分git版本。


提示:以下是本篇文章正文内容,下面案例可供参考

Description

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via git config --global core.symlinks false), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

二、PATCH

https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d


总结

提示:windows下,应尽快换最新的git版本。

相关推荐
weixin_4334176720 小时前
TortoiseGit推送到远端,如何配置
windows·git
Hey_Coder2 天前
【Git 常用命令速查表(按功能分类)】
git·git基础命令·git命令速查表·git 常用命令
colman wang2 天前
Git指令(Mac)
git·macos
cyforkk2 天前
Git 合并分支提示 Already up to date 的真实原因
git
●VON2 天前
HarmonyKit | 移动端开发者工具类应用的现状与趋势
git·华为·性能优化·harmonyos·鸿蒙
●VON2 天前
HarmonyKit | 鸿蒙开发协作:如何为 HarmonyKit 贡献一个新的工具
git·华为·harmonyos·鸿蒙
枕星而眠2 天前
Git仓库基础用法
大数据·git·后端·elasticsearch·全文检索
梦想三三2 天前
Git与GitHub基础入门:从零开始掌握版本控制与代码托管(完整图文教程)
人工智能·git·elasticsearch·github
Joy-鬼魅3 天前
Git常用操作
git
流浪0013 天前
Git篇(三):吃透远程协作:SSH 密钥、分支、标签全流程实战指南
运维·git·ssh