{"api_version":"1","generated_at":"2026-04-23T05:14:44+00:00","cve":"CVE-2022-29187","urls":{"html":"https://cve.report/CVE-2022-29187","api":"https://cve.report/api/cve/CVE-2022-29187.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-29187","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-29187"},"summary":{"title":"CVE-2022-29187","description":"Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2022-07-12 21:15:00","updated_at":"2024-01-14 10:15:00"},"problem_types":["CWE-427","CWE-282"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIKWISWUDFT2FAITYIA6372BVLH3OOOC/","name":"FEDORA-2023-470c7ea49e","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: libgit2-1.3.2-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/","name":"FEDORA-2022-dfd7e7fc0e","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: git-2.37.1-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YROCMBWYFKRSS64PO6FUNM6L7LKBUKVW/","name":"FEDORA-2023-e3c8abd37e","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: rust-cargo-c-0.9.12-3.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2022/Nov/1","name":"20221107 APPLE-SA-2022-11-01-1 Xcode 14.1","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2022-11-01-1 Xcode 14.1","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v","name":"https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v","refsource":"CONFIRM","tags":[],"title":"Bypass of safe.directory protections · Advisory · git/git · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2022/07/14/1","name":"[oss-security] 20220713 Git v2.37.1 and friends for CVE-2022-29187","refsource":"MLIST","tags":[],"title":"oss-security - Git v2.37.1 and friends for CVE-2022-29187","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202401-17","name":"GLSA-202401-17","refsource":"","tags":[],"title":"libgit2: Privilege Escalation Vulnerability (GLSA 202401-17) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVOLER2PIGMHPQMDGG4RDE2KZB74QLA2/","name":"FEDORA-2023-1068309389","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: libgit2-1.3.2-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIKWISWUDFT2FAITYIA6372BVLH3OOOC/","name":"FEDORA-2023-470c7ea49e","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: libgit2-1.3.2-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.blog/2022-04-12-git-security-vulnerability-announced","name":"https://github.blog/2022-04-12-git-security-vulnerability-announced","refsource":"MISC","tags":[],"title":"Git security vulnerability announced | The GitHub Blog","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDZRZAL7QULOB6V7MKT66MOMWJLBJPX4/","name":"FEDORA-2023-3ec32f6d4e","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: rust-bat-0.21.0-6.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html","name":"[debian-lts-announce] 20221213 [SECURITY] [DLA 3239-1] git security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3239-1] git security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lore.kernel.org/git/xmqqv8s2fefi.fsf%40gitster.g/T/#u","name":"https://lore.kernel.org/git/xmqqv8s2fefi.fsf%40gitster.g/T/#u","refsource":"","tags":[],"title":"[ANNOUNCE] Git v2.37.1 and others","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202312-15","name":"GLSA-202312-15","refsource":"","tags":[],"title":"Git: Multiple Vulnerabilities (GLSA 202312-15) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/","name":"FEDORA-2022-dfd7e7fc0e","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: git-2.37.1-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDZRZAL7QULOB6V7MKT66MOMWJLBJPX4/","name":"FEDORA-2023-3ec32f6d4e","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: rust-bat-0.21.0-6.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/","name":"FEDORA-2022-2a5de7cb8b","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: git-2.37.1-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lore.kernel.org/git/xmqqv8s2fefi.fsf@gitster.g/T/#u","name":"https://lore.kernel.org/git/xmqqv8s2fefi.fsf@gitster.g/T/#u","refsource":"MISC","tags":[],"title":"[ANNOUNCE] Git v2.37.1 and others","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/","name":"FEDORA-2022-2a5de7cb8b","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: git-2.37.1-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVOLER2PIGMHPQMDGG4RDE2KZB74QLA2/","name":"FEDORA-2023-1068309389","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: libgit2-1.3.2-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT213496","name":"https://support.apple.com/kb/HT213496","refsource":"CONFIRM","tags":[],"title":"About the security content of Xcode 14.1 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YROCMBWYFKRSS64PO6FUNM6L7LKBUKVW/","name":"FEDORA-2023-e3c8abd37e","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: rust-cargo-c-0.9.12-3.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-29187","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29187","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"29187","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"xcode","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"29187","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"29187","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"29187","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"29187","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"29187","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"git-scm","cpe5":"git","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-29187","qid":"160630","title":"Oracle Enterprise Linux Security Update for git (ELSA-2023-2319)"},{"cve":"CVE-2022-29187","qid":"160657","title":"Oracle Enterprise Linux Security Update for git (ELSA-2023-2859)"},{"cve":"CVE-2022-29187","qid":"181320","title":"Debian Security Update for git (DLA 3239-1)"},{"cve":"CVE-2022-29187","qid":"181321","title":"Debian Security Update for git (DLA 3239-2)"},{"cve":"CVE-2022-29187","qid":"181518","title":"Debian Security Update for git (DSA 5332-1)"},{"cve":"CVE-2022-29187","qid":"182337","title":"Debian Security Update for git (CVE-2022-29187)"},{"cve":"CVE-2022-29187","qid":"198856","title":"Ubuntu Security Notification for Git Vulnerabilities (USN-5511-1)"},{"cve":"CVE-2022-29187","qid":"241436","title":"Red Hat Update for git (RHSA-2023:2319)"},{"cve":"CVE-2022-29187","qid":"241487","title":"Red Hat Update for git (RHSA-2023:2859)"},{"cve":"CVE-2022-29187","qid":"242859","title":"Red Hat Update for git (RHSA-2024:0407)"},{"cve":"CVE-2022-29187","qid":"282953","title":"Fedora Security Update for git (FEDORA-2022-dfd7e7fc0e)"},{"cve":"CVE-2022-29187","qid":"282985","title":"Fedora Security Update for git (FEDORA-2022-2a5de7cb8b)"},{"cve":"CVE-2022-29187","qid":"283637","title":"Fedora Security Update for libgit2 (FEDORA-2023-470c7ea49e)"},{"cve":"CVE-2022-29187","qid":"283645","title":"Fedora Security Update for rust (FEDORA-2023-e3c8abd37e)"},{"cve":"CVE-2022-29187","qid":"283646","title":"Fedora Security Update for libgit2 (FEDORA-2023-1068309389)"},{"cve":"CVE-2022-29187","qid":"283652","title":"Fedora Security Update for rust (FEDORA-2023-3ec32f6d4e)"},{"cve":"CVE-2022-29187","qid":"354010","title":"Amazon Linux Security Advisory for git : ALAS2-2022-1820"},{"cve":"CVE-2022-29187","qid":"354034","title":"Amazon Linux Security Advisory for git : ALAS-2022-1623"},{"cve":"CVE-2022-29187","qid":"354337","title":"Amazon Linux Security Advisory for git : ALAS2022-2022-118"},{"cve":"CVE-2022-29187","qid":"354445","title":"Amazon Linux Security Advisory for git : ALAS2022-2022-236"},{"cve":"CVE-2022-29187","qid":"354589","title":"Amazon Linux Security Advisory for git : ALAS-2022-236"},{"cve":"CVE-2022-29187","qid":"355256","title":"Amazon Linux Security Advisory for git : ALAS2023-2023-065"},{"cve":"CVE-2022-29187","qid":"377735","title":"Apple Xcode Prior to 14.1 Vulnerabilities (HT213496)"},{"cve":"CVE-2022-29187","qid":"379406","title":"Git for Windows Multiple Security Vulnerability (CVE-2022-29187,CVE-2022-31012)"},{"cve":"CVE-2022-29187","qid":"502431","title":"Alpine Linux Security Update for git"},{"cve":"CVE-2022-29187","qid":"502432","title":"Alpine Linux Security Update for git"},{"cve":"CVE-2022-29187","qid":"502433","title":"Alpine Linux Security Update for git"},{"cve":"CVE-2022-29187","qid":"502434","title":"Alpine Linux Security Update for git"},{"cve":"CVE-2022-29187","qid":"502725","title":"Alpine Linux Security Update for git"},{"cve":"CVE-2022-29187","qid":"502876","title":"Alpine Linux Security Update for libgit2"},{"cve":"CVE-2022-29187","qid":"672092","title":"EulerOS Security Update for git (EulerOS-SA-2022-2286)"},{"cve":"CVE-2022-29187","qid":"672103","title":"EulerOS Security Update for git (EulerOS-SA-2022-2315)"},{"cve":"CVE-2022-29187","qid":"672200","title":"EulerOS Security Update for git (EulerOS-SA-2022-2459)"},{"cve":"CVE-2022-29187","qid":"672263","title":"EulerOS Security Update for git (EulerOS-SA-2022-2680)"},{"cve":"CVE-2022-29187","qid":"672266","title":"EulerOS Security Update for git (EulerOS-SA-2022-2648)"},{"cve":"CVE-2022-29187","qid":"690897","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for git (b99f99f6-021e-11ed-8c6f-000c29ffbb6c)"},{"cve":"CVE-2022-29187","qid":"710816","title":"Gentoo Linux Git Multiple Vulnerabilities (GLSA 202312-15)"},{"cve":"CVE-2022-29187","qid":"710835","title":"Gentoo Linux libgit2 Privilege Escalation Vulnerability (GLSA 202401-17)"},{"cve":"CVE-2022-29187","qid":"752375","title":"SUSE Enterprise Linux Security Update for git (SUSE-SU-2022:2535-1)"},{"cve":"CVE-2022-29187","qid":"752381","title":"SUSE Enterprise Linux Security Update for git (SUSE-SU-2022:2537-1)"},{"cve":"CVE-2022-29187","qid":"752392","title":"SUSE Enterprise Linux Security Update for git (SUSE-SU-2022:2550-1)"},{"cve":"CVE-2022-29187","qid":"752650","title":"SUSE Enterprise Linux Security Update for libgit2 (SUSE-SU-2022:3494-1)"},{"cve":"CVE-2022-29187","qid":"752654","title":"SUSE Enterprise Linux Security Update for libgit2 (SUSE-SU-2022:3495-1)"},{"cve":"CVE-2022-29187","qid":"753386","title":"SUSE Enterprise Linux Security Update for libgit2 (SUSE-SU-2022:3283-1)"},{"cve":"CVE-2022-29187","qid":"941032","title":"AlmaLinux Security Update for git (ALSA-2023:2319)"},{"cve":"CVE-2022-29187","qid":"941077","title":"AlmaLinux Security Update for git (ALSA-2023:2859)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security-advisories@github.com","ID":"CVE-2022-29187","STATE":"PUBLIC","TITLE":"Bypass of safe.directory protections in Git"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"git","version":{"version_data":[{"version_value":">= 2.30.3, < 2.30.5"},{"version_value":">= 2.31.2, < 2.31.4"},{"version_value":">= 2.32.1, < 2.32.3"},{"version_value":">= 2.33.2, < 2.33.4"},{"version_value":">= 2.34.2, < 2.34.4"},{"version_value":">= 2.35.2, < 2.35.4"},{"version_value":">= 2.36, < 2.36.2"},{"version_value":">= 2.37, < 2.37.1"}]}}]},"vendor_name":"git"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-282: Improper Ownership Management"}]},{"description":[{"lang":"eng","value":"CWE-427: Uncontrolled Search Path Element"}]}]},"references":{"reference_data":[{"name":"https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v","refsource":"CONFIRM","url":"https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v"},{"name":"https://github.blog/2022-04-12-git-security-vulnerability-announced","refsource":"MISC","url":"https://github.blog/2022-04-12-git-security-vulnerability-announced"},{"name":"https://lore.kernel.org/git/xmqqv8s2fefi.fsf@gitster.g/T/#u","refsource":"MISC","url":"https://lore.kernel.org/git/xmqqv8s2fefi.fsf@gitster.g/T/#u"},{"refsource":"MLIST","name":"[oss-security] 20220713 Git v2.37.1 and friends for CVE-2022-29187","url":"http://www.openwall.com/lists/oss-security/2022/07/14/1"},{"refsource":"FEDORA","name":"FEDORA-2022-dfd7e7fc0e","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/"},{"refsource":"FEDORA","name":"FEDORA-2022-2a5de7cb8b","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/"},{"refsource":"CONFIRM","name":"https://support.apple.com/kb/HT213496","url":"https://support.apple.com/kb/HT213496"},{"refsource":"FULLDISC","name":"20221107 APPLE-SA-2022-11-01-1 Xcode 14.1","url":"http://seclists.org/fulldisclosure/2022/Nov/1"},{"refsource":"MLIST","name":"[debian-lts-announce] 20221213 [SECURITY] [DLA 3239-1] git security update","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html"},{"refsource":"FEDORA","name":"FEDORA-2023-470c7ea49e","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIKWISWUDFT2FAITYIA6372BVLH3OOOC/"},{"refsource":"FEDORA","name":"FEDORA-2023-e3c8abd37e","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YROCMBWYFKRSS64PO6FUNM6L7LKBUKVW/"},{"refsource":"FEDORA","name":"FEDORA-2023-1068309389","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVOLER2PIGMHPQMDGG4RDE2KZB74QLA2/"},{"refsource":"FEDORA","name":"FEDORA-2023-3ec32f6d4e","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDZRZAL7QULOB6V7MKT66MOMWJLBJPX4/"}]},"source":{"advisory":"GHSA-j342-m5hw-rr3v","discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2022-07-12 21:15:00","lastModifiedDate":"2024-01-14 10:15:00","problem_types":["CWE-427","CWE-282"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":6.9},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*","versionStartIncluding":"2.35.2","versionEndExcluding":"2.35.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*","versionStartIncluding":"2.34.2","versionEndExcluding":"2.34.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*","versionStartIncluding":"2.33.2","versionEndExcluding":"2.33.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*","versionStartIncluding":"2.32.1","versionEndExcluding":"2.32.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*","versionStartIncluding":"2.31.2","versionEndExcluding":"2.31.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*","versionStartIncluding":"2.30.3","versionEndExcluding":"2.30.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*","versionStartIncluding":"2.36.0","versionEndExcluding":"2.36.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*","versionStartIncluding":"2.37.0","versionEndExcluding":"2.37.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*","versionEndExcluding":"14.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}