CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-32002

Critical Severity
Git
SVRS
70/100
CVSSv3
9.1/10
EPSS
0.70998/1

CVE-2024-32002 is a critical vulnerability in Git that allows for arbitrary code execution during cloning operations. This flaw impacts Git versions prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, where maliciously crafted repositories with submodules can trick Git into writing files into the .git/ directory. This enables the injection and execution of malicious hooks while the clone is in progress, leaving users vulnerable to untrusted code execution. With an SVRS of 70, CVE-2024-32002 presents a serious risk, as active exploits are available. While disabling symbolic link support mitigates the vulnerability, updating to the patched versions of Git is strongly advised. Organizations using Git should prioritize updating to the patched version of git to prevent potential security breaches. The presence of "In The Wild" and "Exploit Available" tags further emphasizes the urgent need to apply these updates.

TAGS
In The Wild
Exploit Avaliable
X_refsource_CONFIRM
X_refsource_MISC
VECTOR STRING
CVSS:3.1
AV:N
AC:H
PR:N
UI:N
S:C
C:H
I:H
A:H
PUBLICATION DATE2024-05-14
LAST MODIFIED2025-02-13

Indicators of Compromise

No IOCs found for this CVE

Exploits

TitleSoftware LinkDate
th4s1s/CVE-2024-32002-PoChttps://github.com/th4s1s/CVE-2024-32002-PoC2024-09-27
Masamuneee/hookhttps://github.com/Masamuneee/hook2024-09-27
SpycioKon/CVE-2024-32002https://github.com/SpycioKon/CVE-2024-320022024-07-30
safebuffer/CVE-2024-32002https://github.com/safebuffer/CVE-2024-320022024-05-18
chrisWalker11/CVE-2024-32002-Exploiting-Git-RCE-via-git-clonehttps://github.com/chrisWalker11/CVE-2024-32002-Exploiting-Git-RCE-via-git-clone2024-08-02
Roronoawjd/git_rcehttps://github.com/Roronoawjd/git_rce2024-05-21
JakobTheDev/cve-2024-32002-poc-awhttps://github.com/JakobTheDev/cve-2024-32002-poc-aw2024-05-25
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

ISC StormCast for Tuesday, May 21st, 2024
Dr. Johannes B. Ullrich2024-05-21
ISC StormCast for Tuesday, May 21st, 2024 | Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Analyzing MSG Files; Fluent Bit Vuln; Fortinet Vuln Details; Git and Google Chrome PoCs;Analyzing MSG Files https://isc.sans.edu/diary/Analyzing%20MSG%20Files/30940 Linguistic Lumberjack: Fluent Bit Vulnerability CVE-2024-4323 https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323 Fortinet FortiSIEM Command Injection Deep-Dive CVE-2023-23992 https://www.horizon3.ai/attack-research/cve-2023-34992-fortinet-fortisiem-command-injection-deep-dive/
sans.edu
rss
forum
news
CVE-2024-32002 | Git Submodule .git/ path traversal (GHSA-8h77-4q3w-gfgv / Nessus ID 214411)
vuldb.com2025-01-22
CVE-2024-32002 | Git Submodule .git/ path traversal (GHSA-8h77-4q3w-gfgv / Nessus ID 214411) | A vulnerability was found in Git and classified as critical. Affected by this issue is some unknown functionality of the file .git/ of the component Submodule Handler. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-32002. The attack
vuldb.com
rss
forum
news
GitHub CLI RCE Vulnerability Let Attackers Execute Malicious Commands
Guru Baran2024-11-15
GitHub CLI RCE Vulnerability Let Attackers Execute Malicious Commands | A critical security vulnerability has been discovered in GitHub CLI that could allow attackers to execute malicious commands on a user&#8217;s system through remote code execution (RCE). The flaw, identified as CVE-2024-32002, affects versions of GitHub CLI prior to 2.62.0 and poses a significant risk to developers who use the tool to interact with GitHub [&#8230;] The post GitHub CLI RCE Vulnerability Let Attackers Execute Malicious Commands</a
cybersecuritynews.com
rss
forum
news
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats &amp; New Stories) - CybersecurityNews
2024-05-26
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats &amp; New Stories) - CybersecurityNews | Description: To strengthen organizational protections, one must stay up to date with the constantly evolving nature of cybersecurity. Such a weekly recap of cyber-security news is essential, as it can provide insight into newly emerging threats, vulnerabilities, data breaches, and countermeasures. Mitigating risks promptly and securing critical assets against the latest attack vectors and cyber risks requires situational awareness in this dynamic threat landscape. Threats Hackers Weaponizing Microsoft Access Documents Microsoft Access documents that have been hacked are used to run malicious programs causing loss of
google.com
rss
forum
news
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats &amp; New Stories) - CybersecurityNews
2024-05-26
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats &amp; New Stories) - CybersecurityNews | News Content: To strengthen organizational protections, one must stay up to date with the constantly evolving nature of cybersecurity. Such a weekly recap of cyber-security news is essential, as it can provide insight into newly emerging threats, vulnerabilities, data breaches, and countermeasures. Mitigating risks promptly and securing critical assets against the latest attack vectors and cyber risks requires situational awareness in this dynamic threat landscape. Threats Hackers Weaponizing Microsoft Access Documents Microsoft Access documents that have been hacked are used to run malicious programs causing loss
ipv4s
cve-2024-32002
cve-2024-29849
cve-2024-36052
Data Breaches Digest - Week 20 2024
Dunkie ([email protected])2024-05-13
Data Breaches Digest - Week 20 2024 | Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 13th May and 19th May 2024. 19th May <br
cve-2024-4761
cve-2024-4947
cve-2024-32002
cve-2024-30051
Data Breaches Digest - Week 21 2024
Dunkie ([email protected])2024-05-20
Data Breaches Digest - Week 21 2024 | Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 20th May and 26th May 2024. 26th May <br
dbdigest.com
rss
forum
news

Social Media

A critical Git vulnerability (CVE-2024-32002) enables RCE attacks via submodules, impacting Git &amp; Visual Studio 2017. OPSWAT students analyzed patches, simulated attacks, and used MetaDefender Endpoint for mitigation. Read more:https://t.co/gbIAxyfJxT https://t.co/t8bs0gc9Zw
0
0
0
Compiled is a medium machine from @hackthebox_eu =&gt;CVE-2024-32002 (a git-rce)=&gt;abuse git clone to expose .git/ to execution context=&gt;CVE-2024-20656=&gt;abuse VSCode’s VSStandardCollectorService150 service -default setup as NT AUTHORITY\SYSTEM- to get a shell https://t.co/pVFIaTiC2h
0
0
0
The latest update for #Kondukto includes "Git SCM affected by CVE-2024-32002" and "Bring-Your-Own-Data (BYOD) to the Kondukto Platform". #Cybersecurity #AppSec #DevSecOps https://t.co/H3OXfk9UJd
0
0
0
🚀 New Blog Post Alert! 🚀 Dive into our latest post on detecting CVE-2024-32002, a critical RCE vulnerability in Git. Learn how to stay protected with practical detection strategies and Sigma rules here: https://t.co/pYnpuda09G #threathunting #git #detectionengineering
0
0
0
Pay attention to what you clone with Xcode 15.4. It might seem obvious, but it is vulnerable to CVE-2024-32002 too. https://t.co/N1idRLa8JK
0
0
0
On May14: #GIT released updates fixing 5 #vulnerabilities some of which represent a huge risk to the software supply chain. 10 days later, @ubuntu still lists CVE-2024-32002 marked as "needs" triage. @canonical When can we expect an update? #infosec #cybersecurity
0
0
0
NVD - CVE-2024-32002 https://t.co/vZILfbEORm
0
0
0
📛 git_rce 🧠 This repository offers a proof of concept for exploiting a Git vulnerability (CVE-2024-32002) enabling remote code execution during a `git clone` on Windows or Mac. 🛠️ @amalmurali47 💻 Shell ⭐ 201 🍴 60 🔗 https://t.co/eepBG7I4xp
0
0
0
New versions of Git are out, with fixes for CVE-2024-32002, which can be used to remotely execute code during a "clone" operation.1 week ago: https://t.co/wgszMkhiRr
0
0
0
GitHub Trending Archive, 21 May 2024, Shell. 2833844911/IPserver, QUICK-GCP-LAB/2-Minutes-Labs-Solutions, FalsePhilosopher/PPPwnWRT, safebuffer/CVE-2024-32002, amalmurali47/git_rce, Core-Node-Team/Testnet-TR, ChrisTitusTech/mybash, kkbo8005/mitan https://t.co/FmpyjMUNu6
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
AppGitgit

References

ReferenceLink
[email protected]https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt
[email protected]https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks
[email protected]https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d
[email protected]https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv
[email protected]http://www.openwall.com/lists/oss-security/2024/05/14/2
[email protected]https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt
[email protected]https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks
[email protected]https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d
[email protected]https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/
[email protected]http://www.openwall.com/lists/oss-security/2024/05/14/2
[email protected]https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt
[email protected]https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks
[email protected]https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d
[email protected]https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv
[email protected]https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/
HTTPS://GIT-SCM.COM/DOCS/GIT-CLONE#DOCUMENTATION/GIT-CLONE.TXT---RECURSE-SUBMODULESLTPATHSPECGThttps://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt
HTTPS://GIT-SCM.COM/DOCS/GIT-CONFIG#DOCUMENTATION/GIT-CONFIG.TXT-CORESYMLINKShttps://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks
HTTPS://GITHUB.COM/GIT/GIT/COMMIT/97065761333FD62DB1912D81B489DB938D8C991Dhttps://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d
HTTPS://GITHUB.COM/GIT/GIT/SECURITY/ADVISORIES/GHSA-8H77-4Q3W-GFGVhttps://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv

CWE Details

CWE IDCWE NameDescription
CWE-434Unrestricted Upload of File with Dangerous TypeThe software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CWE-59Improper Link Resolution Before File Access ('Link Following')The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence