ALPINE-CVE-2024-32004

Source
https://security.alpinelinux.org/vuln/CVE-2024-32004
Import Source
https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-32004.json
JSON Data
https://api.osv.dev/v1/vulns/ALPINE-CVE-2024-32004
Upstream
Published
2024-05-14T19:15:11.377Z
Modified
2026-07-08T04:31:52.936314959Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.

References

Affected packages

Alpine:v3.17
git

Package

Name
git
Purl
pkg:apk/alpine/git?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.40.0
Fixed
2.39.5-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-32004.json"
Alpine:v3.18
git

Package

Name
git
Purl
pkg:apk/alpine/git?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.40.0
Fixed
2.40.3-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-32004.json"
Alpine:v3.19
git

Package

Name
git
Purl
pkg:apk/alpine/git?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.40.0
Fixed
2.43.4-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-32004.json"
Alpine:v3.20
git

Package

Name
git
Purl
pkg:apk/alpine/git?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.40.0
Fixed
2.45.1-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-32004.json"
Alpine:v3.21
git

Package

Name
git
Purl
pkg:apk/alpine/git?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.40.0
Fixed
2.45.1-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-32004.json"
Alpine:v3.22
git

Package

Name
git
Purl
pkg:apk/alpine/git?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.40.0
Fixed
2.45.1-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-32004.json"
Alpine:v3.23
git

Package

Name
git
Purl
pkg:apk/alpine/git?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.40.0
Fixed
2.45.1-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-32004.json"
Alpine:v3.24
git

Package

Name
git
Purl
pkg:apk/alpine/git?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.40.0
Fixed
2.45.1-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-32004.json"