The Git project released new security bug-fix versions on May 14th, 2024: v2.45.1, v2.44.1, v2.43.4, v2.42.2, v2.41.1, v2.40.2, and v2.39.4:
- CVE-2024-32002: https://nvd.nist.gov/vuln/detail/CVE-2024-32002
- CVE-2024-32004: https://nvd.nist.gov/vuln/detail/CVE-2024-32004
- CVE-2024-32020: https://nvd.nist.gov/vuln/detail/CVE-2024-32020
- CVE-2024-32021: https://nvd.nist.gov/vuln/detail/CVE-2024-32021
- CVE-2024-32465, https://nvd.nist.gov/vuln/detail/CVE-2024-32465
The vulnerability CVE-2024-32002 is considered as critical, as it allows attackers to remotely execute code during a “clone” operation.
Upgrading to the latest Git version is essential to protect against these vulnerabilities. If you cannot update immediately, be cautious from where you clone repositories.
Additional information can be found also here:
Recent Comments