FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

git -- "git apply" overwriting paths outside the working tree

Affected packages
git < 2.39.2

Details

VuXML ID: 21f12de8-b1db-11ed-b0f4-002590f2a714
Discovery: 2023-02-14
Entry: 2023-02-21

The Git team reports:

By feeding a crafted input to "git apply", a path outside the working tree can be overwritten as the user who is running "git apply".

References

CVE Name: CVE-2023-23946
URL: https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/#cve-2023-23946