Git vulnerability (CVE-2024-32002)
This is a critical git vulnerability (as of May 16).
Git vulnerability (CVE-2024-32002)
What’s happening?
I came across this post of a critical git vulnerability (as of May 16).
This vulnerability allow git to run malicious source codes by just git clone from crafted repositories through git submodules.
There is an exploitation demo here.
GitHub - safebuffer/CVE-2024-32002: CVE-2024-32002 RCE PoC
CVE-2024-32002 RCE PoC. Contribute to safebuffer/CVE-2024-32002 development by creating an account on GitHub.
Solution
Simple now as there are patches and we need to update our git.
check version
The patch versions are since v2.39.4.
We can check our current git version by run the command
1
git -v
Mine was “git version 2.39.3 (Apple Git-146)” and it needed to be updated.
Update git in MacOS
We can use homebrew to update it.
1
2
3
4
5
# install git
brew install git
# symlink git
brew unlink git && brew link git
Learn more about homebrew by this blog.
Homebrew - One place for all
Most of necessary, popular, or essential packages (and programs) can be found here.
Update git in Windows
Follow this link and install.
Repo
This post is licensed under CC BY 4.0 by the author.