Home > Vulnerability Database > CVE-2023-23946

Mend.io Vulnerability Database

CVE-2023-23946

Good to know:

Date: February 14, 2023

Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.

Language: C

Severity Score

7.5

Related Resources (7)

Url: https://security-tracker.debian.org/tracker/CVE-2023-23946

Url: https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd

Url: https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh

Url: https://access.redhat.com/security/cve/CVE-2023-23946

Url: https://security.gentoo.org/glsa/202312-15

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-23946

Url: https://www.mend.io/vulnerability-database/CVE-2023-23946

Severity Score

7.5

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version v2.30.8,v2.31.7,v2.32.6,v2.33.7,v2.34.7,v2.35.7,v2.36.5,v2.37.6,v2.38.4,v2.39.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-23946

Good to know:

Date: February 14, 2023

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?