Description
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
Published: 2021-08-31
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-3145-1 git security update
EUVD EUVD EUVD-2021-27510 git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
Ubuntu USN Ubuntu USN USN-5076-1 Git vulnerability
History

No history.

Subscriptions

Debian Debian Linux
Git-scm Git
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T02:27:31.913Z

Reserved: 2021-08-31T00:00:00.000Z

Link: CVE-2021-40330

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-08-31T04:15:10.667

Modified: 2024-11-21T06:23:52.550

Link: CVE-2021-40330

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-01-07T00:00:00Z

Links: CVE-2021-40330 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses