Endpoint Vulnerability

CVE-2019-1349git: Recursive submodule cloning allows using git directory twice with synonymous directory name written in .git/

Description

An improper input validation flaw was discovered in git in the way it handles git submodules. A remote attacker could abuse this flaw to trick a victim user into recursively cloning a malicious repository, which, under certain circumstances, could fool git into using the same git directory twice and potentially cause remote code execution.

Affected Products

git

References

CVE-2019-1349,