DEBIAN-CVE-2022-24975

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2022-24975

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-24975.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-24975

Upstream

CVE-2022-24975

Published

2022-02-11T20:15:07.507Z

Modified

2025-11-20T10:15:49.358363Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk.

References

https://security-tracker.debian.org/tracker/CVE-2022-24975

Affected packages

Debian:11 / git

Package

Name: git
Purl: pkg:deb/debian/git?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.30.2-1

1:2.30.2-1+deb11u1

1:2.30.2-1+deb11u2

1:2.30.2-1+deb11u3

1:2.30.2-1+deb11u4

1:2.30.2-1+deb11u5

1:2.31.0~rc2+next.20210304-1

1:2.31.0~rc2+next.20210309-1

1:2.31.0-1

1:2.31.0+next.20210315-1

1:2.31.1-1

1:2.31.1+next.20210417-1

1:2.31.1+next.20210514-1

1:2.32.0~rc0-1

1:2.32.0~rc0+next.20210520-1

1:2.32.0~rc2-1

1:2.32.0~rc2+next.20210531-1

1:2.32.0-1

1:2.32.0+next.20210606-1

1:2.33.0-1

1:2.33.0+next.20210816-1

1:2.33.0+next.20210901-1

1:2.33.0+next.20210929-1

1:2.33.1-1

1:2.33.1+next.20211025-1

1:2.34.0-1

1:2.34.0+next.20211119-1

1:2.34.1-1~bpo11+1

1:2.34.1-1

1:2.34.1+next.20211124-1

1:2.34.1+next.20211202-1

1:2.34.1+next.20211221-1

1:2.34.1+next.20211227-1

1:2.35.1-1

1:2.35.1+next.20220128-1

1:2.35.1+next.20220211-1

1:2.35.2-1

1:2.36.0~rc2+next.20220411-1

1:2.36.0~rc2+next.20220414-1

1:2.36.0-1

1:2.36.0+next.20220417-1

1:2.36.0+next.20220428-1

1:2.36.0+next.20220504-1

1:2.36.1-1

1:2.36.1+next.20220505-1

1:2.37.2-1

1:2.37.2+next.20220812-1

1:2.38.1-1

1:2.38.1+next.20221031-1

1:2.39.0-1

1:2.39.0+next.20221212-1

1:2.39.0+next.20221220-1

1:2.39.1-0.1~bpo11+1

1:2.39.1-0.1

1:2.39.2-1~bpo11+1

1:2.39.2-1

1:2.39.2-1.1

1:2.39.2+next.20230215-1

1:2.40.0-1

1:2.40.0-1+alpha.1

1:2.40.0+next.20230313-1

1:2.40.0+next.20230319-1

1:2.40.1-1

1:2.40.1-1+alpha.1

1:2.40.1+next.20230424-1

1:2.40.1+next.20230427-1

1:2.42.0-1

1:2.43.0-1

1:2.43.0-1+alpha.2

1:2.43.0+next.20231120-1

1:2.43.0+next.20240104-1

1:2.45.1-1

1:2.45.1+next.20240516-1

1:2.45.2-1

1:2.45.2-1+alpha.1

1:2.45.2-1.1

1:2.45.2-1.1+alpha.1

1:2.45.2-1.2

1:2.45.2-1.3

1:2.45.2+next.20240614-1

1:2.47.1-1

1:2.47.2-0.1

1:2.47.2-0.2

1:2.48.0~rc1+next.20250101-1

1:2.49.0-1

1:2.49.0-2

1:2.49.0-3

1:2.49.0+next.20250314-1

1:2.50.0~rc0+next.20250528-1

1:2.50.0-1

1:2.50.0+next.20250615-1

1:2.50.1-0.1

1:2.51.0-1

1:2.51.0+next.20250825-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / git

Package

Name: git
Purl: pkg:deb/debian/git?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.39.2-1.1

1:2.39.2+next.20230215-1

1:2.39.5-0+deb12u1

1:2.39.5-0+deb12u2

1:2.39.5-0+deb12u3

1:2.40.0-1

1:2.40.0-1+alpha.1

1:2.40.0+next.20230313-1

1:2.40.0+next.20230319-1

1:2.40.1-1

1:2.40.1-1+alpha.1

1:2.40.1+next.20230424-1

1:2.40.1+next.20230427-1

1:2.42.0-1

1:2.43.0-1

1:2.43.0-1+alpha.2

1:2.43.0+next.20231120-1

1:2.43.0+next.20240104-1

1:2.45.1-1

1:2.45.1+next.20240516-1

1:2.45.2-1

1:2.45.2-1+alpha.1

1:2.45.2-1.1

1:2.45.2-1.1+alpha.1

1:2.45.2-1.2

1:2.45.2-1.3

1:2.45.2+next.20240614-1

1:2.47.1-1

1:2.47.2-0.1

1:2.47.2-0.2

1:2.48.0~rc1+next.20250101-1

1:2.49.0-1

1:2.49.0-2

1:2.49.0-3

1:2.49.0+next.20250314-1

1:2.50.0~rc0+next.20250528-1

1:2.50.0-1

1:2.50.0+next.20250615-1

1:2.50.1-0.1

1:2.51.0-1

1:2.51.0+next.20250825-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / git

Package

Name: git
Purl: pkg:deb/debian/git?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.47.2-0.2

1:2.47.3-0+deb13u1

1:2.48.0~rc1+next.20250101-1

1:2.49.0-1

1:2.49.0-2

1:2.49.0-3

1:2.49.0+next.20250314-1

1:2.50.0~rc0+next.20250528-1

1:2.50.0-1

1:2.50.0+next.20250615-1

1:2.50.1-0.1

1:2.51.0-1

1:2.51.0+next.20250825-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / git

Package

Name: git
Purl: pkg:deb/debian/git?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.47.2-0.2

1:2.48.0~rc1+next.20250101-1

1:2.49.0-1

1:2.49.0-2

1:2.49.0-3

1:2.49.0+next.20250314-1

1:2.50.0~rc0+next.20250528-1

1:2.50.0-1

1:2.50.0+next.20250615-1

1:2.50.1-0.1

1:2.51.0-1

1:2.51.0+next.20250825-1

Ecosystem specific

{
    "urgency": "unimportant"
}