Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.
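The workaround above asks the reader to spot a patch that adds a symbolic link and also writes a path beneath it. The following is an added example, not code from this page or from the Git project, that automates that check for git-format patches; the function names and the sample patch are constructed for illustration.

```python
import posixpath
import re

SYMLINK_MODE = "120000"  # git's file mode for a symbolic link
HEADER = re.compile(r"^diff --git a/(.+) b/(.+)$")
MODE = re.compile(r"^new (?:file )?mode (\d{6})$")

# Constructed sample: adds a symlink "assets", then a file beneath it.
SAMPLE_PATCH = """\
diff --git a/assets b/assets
new file mode 120000
--- /dev/null
+++ b/assets
@@ -0,0 +1 @@
+shared/media
diff --git a/assets/logo.txt b/assets/logo.txt
new file mode 100644
--- /dev/null
+++ b/assets/logo.txt
@@ -0,0 +1 @@
+hello
"""

def parse_entries(patch_text):
    """Return [path, mode-or-None] per file section, in patch order."""
    entries = []
    for line in patch_text.splitlines():
        if line.startswith("diff --git "):
            m = HEADER.match(line)
            if not m:  # e.g. quoted paths: refuse rather than guess
                raise ValueError("unparsed header: " + line)
            entries.append([posixpath.normpath(m.group(2)), None])
        elif entries and entries[-1][1] is None:
            m = MODE.match(line)
            if m:
                entries[-1][1] = m.group(1)
    return entries

def paths_beyond_new_symlinks(patch_text):
    """List (path, symlink) pairs where path lies under a symlink the patch adds."""
    entries = parse_entries(patch_text)
    links = {p for p, mode in entries if mode == SYMLINK_MODE}
    # Order is ignored on purpose: any such pair is worth a manual look.
    return sorted((p, l) for p, _ in entries for l in links
                  if p.startswith(l + "/"))

if __name__ == "__main__":
    for path, link in paths_beyond_new_symlinks(SAMPLE_PATCH):
        print(f"REVIEW: {path} is written through new symlink {link}")
```

An empty result only means this one pattern was not found; it complements `git apply --stat` and upgrading to a fixed release rather than replacing them.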
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products (10)

git-scm / git

| Vendor | Product | Versions | |
|---|---|---|---|
| git-scm | git | 2.32.0 - 2.32.6 | - |
| git-scm | git | 2.33.0 - 2.33.7 | - |
| git-scm | git | 2.34.0 - 2.34.7 | - |
| git-scm | git | 2.35.0 - 2.35.7 | - |
| git-scm | git | 2.36.0 - 2.36.5 | - |
| git-scm | git | 2.37.0 - 2.37.6 | - |
| git-scm | git | 2.38.0 - 2.38.4 | - |
| git-scm | git | 2.39.0 - 2.39.2 | - |