How severe is CVE-2024-32002?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9 out of 10.

What type of vulnerability is CVE-2024-32002?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2024-32002 - CRITICAL Severity | CVSS 9

Vulnerability Description

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

Related Vulnerabilities

CVE-2020-13376

CRITICAL

CVSS:9.0(Critical)

SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie.

CWE-222020

CVE-2021-34422

CRITICAL

CVSS:9.0(Critical)

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared...

CWE-222021

CVE-2023-32297

CRITICAL

CVSS:9.0(Critical)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LWS LWS Affiliation allows PHP Local File Inclusion.This issue affects LWS Affiliation: from n/a through...

CWE-222023

CVE-2024-21400

CRITICAL

CVSS:9.0(Critical)

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

CWE-222024

CVE-2024-31231

CRITICAL

CVSS:9.0(Critical)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1.

CWE-222024

CVE-2024-33560

CRITICAL

CVSS:9.0(Critical)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore allows PHP Local File Inclusion.This issue affects XStore: from n/a through 9.3.8.

CWE-222024