Git
Easy fix2 remedies
cpe:2.3:a:git:git:*:*:*:*:*:*:*
Easy fix2 remedies
- <= v2.48.1
- <= v2.47.1
- <= v2.46.3
- <= v2.45.3
- <= v2.44.3
- <= v2.43.6
- <= v2.42.4
- <= v2.41.3
- <= v2.40.4
Git Sideband Channel Vulnerability Allowing Misrepresentation of Information
Vulnerability
Patched
A vulnerability exists in Git versions through 2.48.1 that involves the sideband channel used for transporting messages from remote processes to the client. This channel can be exploited because Git does not sanitize messages before they are sent to the standard error output, which is typically connected to a terminal that interprets ANSI escape sequences. Malicious actors could use this oversight to obscure information, mislead users, or trick them into running untrusted scripts. The vulnerability is particularly concerning during recursive clones from untrusted repositories.
Impact
Exploitation of this vulnerability could lead to a high-severity misrepresentation of information, allowing for the execution of untrusted scripts under certain conditions.
Remediation
Users are advised to update to Git for Windows version 2.47.1(2) or later. Those unable to upgrade should avoid recursive clones from untrusted sources.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
7.8impact
1.7exploitability
4.4remediation
7.9relevance
0.0threat
0.0urgency
2.9incentive
0.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.