Home > Vulnerability Database > CVE-2023-23946

Mend.io Vulnerability Database

CVE-2023-23946

Date: February 14, 2023

Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to "git apply", a path outside the working tree can be overwritten as the user who is running "git apply". A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use "git apply --stat" to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.

Language: C

Severity Score

6.2

Related Resources (8)

Url: https://security-tracker.debian.org/tracker/CVE-2023-23946

Url: https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd

Url: https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh

Url: https://access.redhat.com/security/cve/CVE-2023-23946

Url: https://security.gentoo.org/glsa/202312-15

Url: https://security.alpinelinux.org/vuln/CVE-2023-23946

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-23946

Url: https://www.mend.io/vulnerability-database/CVE-2023-23946

Severity Score

6.2

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	6.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-23946

Date: February 14, 2023

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?