Git clone Catastrophe: Unpatched Vulnerability Opens Door to Remote Code Execution 

Case Study, by


A critical Remote Code Execution (RCE) vulnerability, CVE-2024-32002, has been identified in Git's repository cloning process. A specially crafted submodule configuration lets an attacker execute arbitrary code while the clone is still running, with no user interaction beyond the clone command itself. The code runs with the privileges of the user performing the clone, so a successful attack can install malware, exfiltrate data, or otherwise take control of the developer's machine. Developers who clone untrusted repositories from platforms such as GitHub and GitLab are at particular risk. Our Cyber Security Team has documented a detailed advisory outlining the vulnerability, the associated risks and the mitigation steps.

What is the RCE Vulnerability while Cloning Git Repositories? 

Repositories that contain submodules can be crafted to exploit a bug in Git that causes files to be written not into the submodule's work tree but directly into the “.git/” directory. An attacker uses this to plant a hook that Git runs while the clone operation is still in progress, so the user has no opportunity to inspect or interrupt the code before it executes. Cloning is normally treated as a safe operation, which is what makes this bug so dangerous: a single clone of an untrusted repository becomes arbitrary code execution with the privileges of the cloning user, and the victim may end up with malware installed or data exfiltrated without their knowledge or consent. This issue is tracked as CVE-2024-32002. Per the upstream Git advisory, the attack depends on a case-insensitive filesystem that supports symbolic links (the default on Windows and macOS installations), and disabling symlink support with “git config --global core.symlinks false” prevents it on versions that have not yet been patched.

What is affected? 

Git versions prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4 are affected. Each listed version is the first release on its maintenance line to contain the fix, so a Git installation must be at or above the fixed release for its own line (for example 2.43.3 is affected, 2.43.4 is not). Older lines such as 2.38.x received no fix and should be upgraded.