Endpoint Vulnerability

CVE-2019-1387git: Remote code execution in recursive clones with nested submodules

Description

A flaw was discovered where git improperly validates submodules' names used to construct git metadata paths and does not prevent them from being nested in existing directories used to store another submodule's metadata. A remote attacker could abuse this flaw to trick a victim user into cloning a malicious repository containing submodules, which, when recursively cloned, would trigger the flaw and remotely execute code on the victim's machine.

Affected Products

git

Vendor

References

CVE-2019-1387,