Description

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.

Remediation

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html

https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u

https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/

https://security.gentoo.org/glsa/202003-30

Related Vulnerabilities

CVE-2021-23413 Vulnerability in npm package jszip

CVE-2020-13951 Vulnerability in maven package org.apache.openmeetings:openmeetings-server

CVE-2021-41038 Vulnerability in npm package @theia/plugin-ext

CVE-2021-32736 Vulnerability in npm package think-helper

CVE-2020-7699 Vulnerability in npm package express-fileupload

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory NVD-CWE-Other