• Home
  • Encyclopedia
  • Endpoint Vulnerability
  • CVE-2019-1349git: Recursive submodule cloning allows using git directory twice with synonymous directory name written in .git/

At a glance:

ID 61773
Created Jan 28, 2020
Description Updated Jan 28, 2020
Severity
Coverage FortiClient

Endpoint Vulnerability

CVE-2019-1349git: Recursive submodule cloning allows using git directory twice with synonymous directory name written in .git/

Description

An improper input validation flaw was discovered in git in the way it handles git submodules. A remote attacker could abuse this flaw to trick a victim user into recursively cloning a malicious repository, which, under certain circumstances, could fool git into using the same git directory twice and potentially cause remote code execution.

Affected Products

git

Vendor

https://bugzilla.redhat.com/show_bug.cgi?id=1781143,

References

CVE-2019-1349,