Git vulnerability (CVE-2024-32002)

This is a critical git vulnerability (as of May 16).

What’s happening?

I came across this post about a critical git vulnerability (as of May 16).

This vulnerability allows malicious code to run just by running git clone on a crafted repository; the attack works through git submodules.

There is an exploitation demo here.


Solution

The fix is simple now that patches are available: we need to update git.

Check version

The patched versions start from v2.39.4.

We can check our current git version by running the command:

git -v

Mine was “git version 2.39.3 (Apple Git-146)” and it needed to be updated.
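
The version check above as a script, added here as an example and not part of the original post: it parses git --version output, including vendor suffixes like the Apple one quoted above, and compares it with the patched point release of the same release series. Only 2.39.4 comes from this page; the function names and the option to pass further per-series floors are assumptions of this example, and a series with no supplied floor is reported as unknown instead of being guessed.

```shell
#!/bin/sh
# Added example: classify a `git --version` string against patched releases.
# A "floor" is the patched point release of one release series (X.Y.Z).
# Only 2.39.4 is taken from the post; other floors must be supplied by you.

# Pull "X.Y.Z" out of strings such as "git version 2.39.3 (Apple Git-146)"
# or "git version 2.45.0.windows.1" (second sample is constructed).
parse_git_version() {
    printf '%s\n' "$1" |
        sed -n 's/^git version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# check_git VERSION_OUTPUT FLOOR...   -> prints patched | vulnerable | unknown
check_git() {
    ver=$(parse_git_version "$1")
    shift
    [ -n "$ver" ] || { echo unknown; return 0; }
    maj=${ver%%.*}; rest=${ver#*.}; min=${rest%%.*}; pat=${rest#*.}
    series=$((maj * 1000 + min))
    oldest=
    for floor in "$@"; do
        fmaj=${floor%%.*}; frest=${floor#*.}; fmin=${frest%%.*}; fpat=${frest#*.}
        fseries=$((fmaj * 1000 + fmin))
        if [ "$fseries" -eq "$series" ]; then
            # Same release series: compare the point release number.
            if [ "$pat" -ge "$fpat" ]; then echo patched; else echo vulnerable; fi
            return 0
        fi
        if [ -z "$oldest" ] || [ "$fseries" -lt "$oldest" ]; then
            oldest=$fseries
        fi
    done
    # Assumption: a series older than every supplied floor never got a fix.
    # A newer series without its own floor is not guessed at.
    if [ -n "$oldest" ] && [ "$series" -lt "$oldest" ]; then
        echo vulnerable
    else
        echo unknown
    fi
}

# Check the locally installed git against the floor stated in the post.
if command -v git >/dev/null 2>&1; then
    echo "installed git: $(check_git "$(git --version)" 2.39.4)"
fi
```

For a release series newer than 2.39, pass that series' patched point release from the Git advisory as an extra argument after 2.39.4.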

Update git on macOS

We can use homebrew to update it.

# install the Homebrew build of git
brew install git

# re-create the symlinks so the Homebrew git is linked
brew unlink git && brew link git

Learn more about Homebrew in this blog post.

Update git on Windows

Follow this link and install.


Repo

This post is licensed under CC BY 4.0 by the author.