QwikSec

Security Database

CVE

CWE

Training

CVE-2019-1387

Published: Dec 18, 2019

Modified: Nov 4, 2025

PUBLISHED

Description

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.

Vendor	Product	Versions
Microsoft Corporation	Git	affected `Before v2.24.1` affected `Before v2.23.1` affected `Before v2.22.2` affected `Before v2.21.1` affected `Before v2.20.2` +6 more versions

References

https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u

vendor-advisory

vendor-advisory

FEDORA-2019-1cec196e20

vendor-advisory

vendor-advisory

[debian-lts-announce] 20200123 [SECURITY] [DLA 2059-1] git security update

mailing-list

https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/

openSUSE-SU-2020:0123

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

openSUSE-SU-2020:0598

vendor-advisory

[debian-lts-announce] 20240626 [SECURITY] [DLA 3844-1] git security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.