CVE-2019-1348

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/01/2020
Last modified:
07/11/2023

Description

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* 2.14.0 (including) 2.14.6 (excluding)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* 2.15.0 (including) 2.15.4 (excluding)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* 2.16.0 (including) 2.16.6 (excluding)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* 2.17.0 (including) 2.17.3 (excluding)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* 2.18.0 (including) 2.18.2 (excluding)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* 2.19.0 (including) 2.19.3 (excluding)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* 2.20.0 (including) 2.20.2 (excluding)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* 2.21.0 (including) 2.21.1 (excluding)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* 2.22.0 (including) 2.22.2 (excluding)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* 2.23.0 (including) 2.23.1 (excluding)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* 2.24.0 (including) 2.24.1 (excluding)
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*