CVE-2019-1348

Public on 2019-12-09
Modified on 2020-03-23
Description
A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwrite arbitrary files, but would not have complete control on the content of the file.
Severity
Medium severity
Medium
CVSS v3 Base Score
3.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 git 2019-12-09 ALAS-2019-1325 Fixed
Amazon Linux 2 - Core git 2019-12-13 ALAS2-2019-1371 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
NVD CVSSv2 3.6 AV:L/AC:L/Au:N/C:N/I:P/A:P
NVD CVSSv3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N