Vulnerability Description
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Git-Scm | Git | >= 2.14.0, < 2.14.6 |
| Opensuse | Leap | 15.1 |
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html
- https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u
- https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/
- https://security.gentoo.org/glsa/202003-30
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html
- https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u
- https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/
- https://security.gentoo.org/glsa/202003-30
FAQ
What is CVE-2019-1353?
CVE-2019-1353 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known ...
How severe is CVE-2019-1353?
CVE-2019-1353 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-1353?
Check the references section above for vendor advisories and patch information. Affected products include: Git-Scm Git, Opensuse Leap.