FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

git -- multiple vulnerabilities

Affected packages
git < 2.48.1
git-cvs < 2.48.1
git-gui < 2.48.1
git-p4 < 2.48.1
git-svn < 2.48.1

Details

VuXML ID 3445e4b6-d2b8-11ef-9ff3-43c2b5d6c4c8
Discovery 2024-10-29
Entry 2025-01-14

Git development team reports:

CVE-2024-50349: Printing unsanitized URLs when asking for credentials made the user susceptible to crafted URLs (e.g. in recursive clones) that mislead the user into typing in passwords for trusted sites that would then be sent to untrusted sites instead.

CVE-2024-52006: Git may pass on Carriage Returns via the credential protocol to credential helpers which use line-reading functions that interpret said Carriage Returns as line endings, even though Git did not intend that.

[source]

References

CVE Name CVE-2024-50349
CVE Name CVE-2024-52006
URL https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr
URL https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.