PoC Exploit Released for Critical Git RCE Vulnerability
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A critical vulnerability in Git, identified as CVE-2024-32002, has recently come to light, posing significant risks to users of the widely used version control system.
The vulnerability allows for remote code execution (RCE) during the cloning of repositories with submodules, and proof-of-concept (PoC) exploits have already been released, raising concerns within the cybersecurity community, a tweet by ThreatMon.
GIT CVE-2024-32002 RCE Exploit
The CVE-2024-32002 exploit, a vulnerability in GIT (Version Control System) open to remote access, has been disclosed. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules could be created… pic.twitter.com/Rm4Gfhcl50
— ThreatMon (@MonThreat) May 22, 2024
CVE-2024-32002 – Details of the Vulnerability
The CVE-2024-32002 vulnerability exploits a subtle interaction between case-insensitive filesystems and symbolic links.
To mitigate the risks associated with CVE-2024-32002, users are advised to disable symbolic link support in Git by using the command git config –global core.symlinks false. Additionally, it is crucial to avoid cloning repositories from untrusted sources.
Git has released patches in versions v2.45.1, v2.44.1, v2.43.4, v2.42.2, v2.41.1, v2.40.2, and v2.39.4 to address this and other vulnerabilities, including CVE-2024-32004, which also allows RCE but under different conditions.
The widespread use of Git in software development, including platforms like GitHub and GitLab, amplifies the potential impact of this vulnerability.
For those unable to update immediately, caution is advised when cloning repositories from untrusted sources.
The cybersecurity community continues to monitor the situation closely, with ongoing efforts to enhance the security of Git and related tools.
For more detailed information and updates, visit the Git Security page on GitHub and stay informed about the latest advisories and security issues related to Git.
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
PoC Exploit Released for Critical Git RCE Vulnerability
Author: DhivyaA critical vulnerability in Git, identified as CVE-2024-32002, has recently come to light, posing significant risks to users of the widely used version control system.
The vulnerability allows for remote code execution (RCE) during the cloning of repositories with submodules, and proof-of-concept (PoC) exploits have already been released, raising concerns within the cybersecurity community, a tweet by ThreatMon.
GIT CVE-2024-32002 RCE ExploitThe CVE-2024-32002 exploit, a vulnerability in GIT (Version Control System) open to remote access, has been disclosed. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules could be created… pic.twitter.com/Rm4Gfhcl50
— ThreatMon (@MonThreat) May 22, 2024
CVE-2024-32002 – Details of the Vulnerability
The CVE-2024-32002 vulnerability exploits a subtle interaction between case-insensitive filesystems and symbolic links.
To mitigate the risks associated with CVE-2024-32002, users are advised to disable symbolic link support in Git by using the command git config –global core.symlinks false. Additionally, it is crucial to avoid cloning repositories from untrusted sources.
Git has released patches in versions v2.45.1, v2.44.1, v2.43.4, v2.42.2, v2.41.1, v2.40.2, and v2.39.4 to address this and other vulnerabilities, including CVE-2024-32004, which also allows RCE but under different conditions.
The widespread use of Git in software development, including platforms like GitHub and GitLab, amplifies the potential impact of this vulnerability.
For those unable to update immediately, caution is advised when cloning repositories from untrusted sources.
The cybersecurity community continues to monitor the situation closely, with ongoing efforts to enhance the security of Git and related tools.
For more detailed information and updates, visit the Git Security page on GitHub and stay informed about the latest advisories and security issues related to Git.
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
