一个git相关的cve:CVE-2024-32002

最近听说一个与自己相关的CVE, CVE-2024-32002

文章目录


前言

cve git windows hook submodule

利用submodule和hook,实现对.git目录注入hook的目标。

影响windows和mac os下的大部分git版本。


提示:以下是本篇文章正文内容,下面案例可供参考

Description

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via git config --global core.symlinks false), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

二、PATCH

https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d


总结

提示:windows下,应尽快换最新的git版本。

相关推荐
Kkooe1 小时前
GitLab|数据迁移
运维·服务器·git
Beekeeper&&P...2 小时前
git bash是什么,git是什么,git中的暂存区是什么,git中的本地仓库是什么,git中工作目录指的是什么
开发语言·git·bash
Stara05117 小时前
Git推送+拉去+uwsgi+Nginx服务器部署项目
git·python·mysql·nginx·gitee·github·uwsgi
lsswear7 小时前
GIT 操作
git
勋勋勋勋小勋勋7 小时前
git分支合并某一次提交
git
PandaCave8 小时前
git常用命令以及注意事项总结
git
算你狠 - ZGX12 小时前
Git使用
git
Lojarro19 小时前
【后端】版本控制
git·subversion
MengYiKeNan1 天前
Git配置与使用
git