Vulnerability Details

Feed Type: NuGet
Title: Git vulnerability requires git client updates
Description: A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected.

The vulnerability concerns Git and Git-compatible clients that access Git repositories on a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution on the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run on a case-sensitive filesystem.
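
A defensive check for the condition described above, as an added example that is not part of the original advisory and is not code from Git or LibGit2Sharp: it flags tree paths with a component that a case-insensitive filesystem would resolve to `.git`. The function names and sample paths are constructed for illustration, and Python's `casefold()` is only an approximation of real filesystem name matching.

```python
# Added example (not from the advisory): flag tree paths that a
# case-insensitive filesystem would resolve into the .git directory.

PROTECTED = ".git"


def fold(component: str) -> str:
    """Approximate how a case-insensitive filesystem compares names.

    Assumption: str.casefold() stands in for the filesystem's own
    case-folding rules, which differ between HFS+, NTFS and FAT.
    """
    return component.casefold()


def aliases_git_dir(path: str) -> bool:
    """Return True if any component of a tree path folds to '.git'.

    The exact spelling '.git' is flagged too: a checked-out tree has no
    reason to write inside the repository's metadata directory.
    """
    return any(fold(part) == PROTECTED for part in path.split("/"))


def scan(paths):
    """Return the subset of tree paths that should block a checkout."""
    return [p for p in paths if aliases_git_dir(p)]


# Constructed sample of tree entry paths, one per line as a tree
# listing would print them. Not taken from any real repository.
SAMPLE_TREE = [
    "README.md",
    "src/main.c",
    ".GIT/config",              # differs from .git only by case
    "docs/.gIt/config",         # same alias, nested one level down
    ".gitignore",               # legitimate: not equal to .git
    "vendor/.github/ci.yml",    # legitimate: not equal to .git
]

if __name__ == "__main__":
    for suspicious in scan(SAMPLE_TREE):
        print("refuse checkout, path aliases .git:", suspicious)
```

Real input can come from `git ls-tree -r --name-only <commit>` run in a repository cloned with `--no-checkout`, so the listing is inspected before any file is written to the working tree.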

Severity: .0 (low)
More information: https://ossindex.sonatype.org/vuln/cfacab46-bdf8-40d4-8d50-06420a9c0013
Package: LibGit2Sharp (any)
Source: OSS Index
Assessment: Unassessed by unknown on

Comments

There are no comments for this vulnerability.