Git Critical RCE Vulnerability with working PoC

A vulnerability in Git was recently discovered that allows an attacker to execute remote code (an RCE) during the cloning of repositories with submodules. Multiple proof-of-concept (PoC) exploits were just released (another), making this vulnerability easy to exploit for unskilled attackers. Anyone using Git is urged to update to the latest patched versions.

The vulnerability is known as CVE-2024-32002 and affects versions prior to: 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. The vulnerabaility exploits a bug in Git where it can be tricked into writing files into a “.git/” directory, instead of into the submodule's worktree. This exploit allows writing a hook that can be executed during the clone operation, which gives the user no opportunity to inspect the code that may be executed.

There is a workaround: if symbolic link support is disabled in Git (using “git config --global core.symlinks false”), the exploit will not work. If you are unable to update immediately or disable symbolic link support, be careful when cloning repositories from untrusted sources.

If you need to stay on top of vulnerabilities that just became exploitable, contact us for a demo to see how GlassPortal can help: demo@glassportal.io