CVE-2021-40330
Summary
| CVE | CVE-2021-40330 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-08-31 04:15:00 UTC |
| Updated | 2022-11-07 18:37:00 UTC |
| Description | git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Comparing v2.30.0...v2.30.1 · git/git · GitHub | MISC | github.com | |
| git_connect_git(): forbid newlines in host and path · git/git@a02ea57 · GitHub | MISC | github.com | |
| [SECURITY] [DLA 3145-1] git security update | MLIST | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 179639 Debian Security Update for git (CVE-2021-40330)
- 181127 Debian Security Update for git (DLA 3145-1)
- 198498 Ubuntu Security Notification for Git Vulnerability (USN-5076-1)
- 296067 Oracle Solaris 11.4 Support Repository Update (SRU) 33.94.0 Missing (CPUAPR2021)
- 500223 Alpine Linux Security Update for git
- 671147 EulerOS Security Update for git (EulerOS-SA-2021-2801)
- 671189 EulerOS Security Update for git (EulerOS-SA-2021-2929)
- 671201 EulerOS Security Update for git (EulerOS-SA-2022-1025)
- 671205 EulerOS Security Update for git (EulerOS-SA-2022-1005)
- 671277 EulerOS Security Update for git (EulerOS-SA-2022-1204)
- 671309 EulerOS Security Update for git (EulerOS-SA-2022-1223)
- 751203 OpenSUSE Security Update for git (openSUSE-SU-2021:3300-1)
- 751224 OpenSUSE Security Update for git (openSUSE-SU-2021:1345-1)
- 751260 SUSE Enterprise Linux Security Update for git (SUSE-SU-2021:3484-1)
- 900328 CBL-Mariner Linux Security Update for git 2.23.4
- 902800 Common Base Linux Mariner (CBL-Mariner) Security Update for git (5444)