CVE-2024-32002 : Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution

获取后续新漏洞提醒登录后订阅

一、漏洞 CVE-2024-32002 基础信息

漏洞信息

对漏洞内容有疑问？看看神龙的深度分析是否有帮助！

查看神龙十问 ↗

尽管我们使用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性，但请您根据实际情况进行核实和判断。

Vulnerability Title

Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution

来源: 美国国家漏洞数据库 NVD

Vulnerability Description

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

来源: 美国国家漏洞数据库 NVD

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

来源: 美国国家漏洞数据库 NVD

Vulnerability Type

对路径名的限制不恰当(路径遍历)

来源: 美国国家漏洞数据库 NVD

Vulnerability Title

Microsoft Visual Studio 安全漏洞

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Description

Microsoft Visual Studio是美国微软（Microsoft）公司的一款开发工具套件系列产品，也是一个基本完整的开发工具集，它包括了整个软件生命周期中所需要的大部分工具。 Microsoft Visual Studio存在安全漏洞的相关信息，请随时关注CNNVD或厂商公告。

来源: 中国国家信息安全漏洞库 CNNVD

CVSS Information

N/A

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Type

N/A

来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商	产品	影响版本	CPE	订阅
git	git	= 2.45.0	-

二、漏洞 CVE-2024-32002 的公开POC

#	POC 描述	源链接	神龙链接
1	None	https://github.com/Disseminator/CVE-2024-32002	POC详情
2	A submodule for exploiting CVE-2024-32002 vulnerability.	https://github.com/markuta/hooky	POC详情
3	Exploit PoC for CVE-2024-32002	https://github.com/amalmurali47/git_rce	POC详情
4	Hook for the PoC for exploiting CVE-2024-32002	https://github.com/amalmurali47/hook	POC详情
5	local poc for CVE-2024-32002	https://github.com/M507/CVE-2024-32002	POC详情
6	CVE-2024-32002 RCE PoC	https://github.com/safebuffer/CVE-2024-32002	POC详情
7	None	https://github.com/10cks/CVE-2024-32002-POC	POC详情
8	None	https://github.com/10cks/CVE-2024-32002-hulk	POC详情
9	None	https://github.com/10cks/CVE-2024-32002-submod	POC详情
10	None	https://github.com/10cks/CVE-2024-32002-smash	POC详情
11	None	https://github.com/10cks/CVE-2024-32002-linux-hulk	POC详情
12	None	https://github.com/10cks/CVE-2024-32002-linux-submod	POC详情
13	None	https://github.com/10cks/CVE-2024-32002-linux-smash	POC详情
14	None	https://github.com/aitorcastel/poc_CVE-2024-32002	POC详情
15	None	https://github.com/aitorcastel/poc_CVE-2024-32002_submodule	POC详情
16	CVE-2024-32002-hook	https://github.com/10cks/hook	POC详情
17	None	https://github.com/jweny/CVE-2024-32002_HOOK	POC详情
18	None	https://github.com/jweny/CVE-2024-32002_EXP	POC详情
19	None	https://github.com/CrackerCat/CVE-2024-32002_EXP	POC详情
20	None	https://github.com/KiranKumarK20/CVE-2024-32002	POC详情
21	None	https://github.com/jerrydotlam/cve-2024-32002-1	POC详情
22	None	https://github.com/jerrydotlam/cve-2024-32002-2	POC详情
23	None	https://github.com/jerrydotlam/cve-2024-32002-3	POC详情
24	None	https://github.com/1mxml/CVE-2024-32002-poc	POC详情
25	CVE-2024-32002 hook POC	https://github.com/Roronoawjd/hook	POC详情
26	None	https://github.com/JakobTheDev/cve-2024-32002-submodule-rce	POC详情
27	None	https://github.com/JakobTheDev/cve-2024-32002-poc-rce	POC详情
28	CVE-2024-32002 POC	https://github.com/Roronoawjd/git_rce	POC详情
29	Este script demuestra cómo explotar la vulnerabilidad CVE-2024-32002 para obtener una reverse shell, proporcionando acceso remoto al sistema afectado. Úselo con precaución en entornos controlados y solo con fines educativos o de pruebas de seguridad.	https://github.com/JJoosh/CVE-2024-32002-Reverse-Shell	POC详情
30	None	https://github.com/YuanlooSec/CVE-2024-32002-poc	POC详情
31	None	https://github.com/bfengj/CVE-2024-32002-hook	POC详情
32	None	https://github.com/ycdxsb/CVE-2024-32002-hulk	POC详情
33	None	https://github.com/ycdxsb/CVE-2024-32002-submod	POC详情
34	None	https://github.com/bfengj/CVE-2024-32002-Exploit	POC详情
35	Repo for testing CVE-2024-32002	https://github.com/vincepsh/CVE-2024-32002	POC详情
36	CVE-2024-32002-hook	https://github.com/vincepsh/CVE-2024-32002-hook	POC详情
37	None	https://github.com/10cks/CVE-2024-32002-EXP	POC详情
38	PoC Exploit for CVE-2024-32002	https://github.com/WOOOOONG/CVE-2024-32002	POC详情
39	PoC Exploit for CVE-2024-32002	https://github.com/WOOOOONG/hook	POC详情
40	poc of git rce using cve-2024-32002	https://github.com/fadhilthomas/poc-cve-2024-32002	POC详情
41	part of poc cve-2024-32002	https://github.com/fadhilthomas/hook	POC详情
42	A submodule to demonstrate CVE-2024-32002. Demonstrates arbitrary write into .git.	https://github.com/JakobTheDev/cve-2024-32002-submodule-aw	POC详情
43	A POC for CVE-2024-32002 demonstrating arbitrary write into the .git directory.	https://github.com/JakobTheDev/cve-2024-32002-poc-aw	POC详情
44	None	https://github.com/markuta/CVE-2024-32002	POC详情
45	None	https://github.com/Goplush/CVE-2024-32002-git-rce	POC详情
46	None	https://github.com/TanMolk/CVE-2024-32002-sub	POC详情
47	None	https://github.com/TanMolk/CVE-2024-32002	POC详情
48	CVE-2024-32002wakuwaku	https://github.com/AD-Appledog/CVE-2024-32002	POC详情
49	cve-2024-32002yahhh	https://github.com/AD-Appledog/wakuwaku	POC详情
50	https://www.cve.org/CVERecord?id=CVE-2024-32002	https://github.com/tobelight/cve_2024_32002	POC详情
51	CVE-2024-32002 poc test	https://github.com/431m/rcetest	POC详情
52	none	https://github.com/Basyaact/CVE-2024-32002-PoC_Chinese	POC详情
53	None	https://github.com/alimuhammedkose/CVE-2024-32002-linux-smash	POC详情
54	None	https://github.com/Hector65432/cve-2024-32002-1	POC详情
55	None	https://github.com/Hector65432/cve-2024-32002-2	POC详情
56	exploit for CVE-2024-32002	https://github.com/bonnettheo/CVE-2024-32002	POC详情
57	None	https://github.com/AmbroseCdMeng/CVE-2024-32002	POC详情
58	None	https://github.com/AmbroseCdMeng/CVE-2024-32002-Hook	POC详情
59	None	https://github.com/sysonlai/CVE-2024-32002-hook	POC详情
60	None	https://github.com/TSY244/CVE-2024-32002-git-rce-father-poc	POC详情
61	None	https://github.com/TSY244/CVE-2024-32002-git-rce	POC详情
62	None	https://github.com/blackninja23/CVE-2024-32002	POC详情
63	A Reverse shell generator for gitlab-shell vulnerability cve 2024-32002	https://github.com/daemon-reconfig/CVE-2024-32002	POC详情
64	RCE through git recursive cloning.	https://github.com/HexDoesRandomShit/CVE-2024-32002	POC详情
65	GIT RCE CVE-2024-32002	https://github.com/charlesgargasson/CVE-2024-32002	POC详情
66	PoC of CVE-2024-32002 - Remote Code Execution while cloning special-crafted local repositories	https://github.com/NishanthAnand21/CVE-2024-32002-PoC	POC详情
67	Just small script to exploit CVE-2024-32002	https://github.com/tiyeume25112004/CVE-2024-32002	POC详情
68	None	https://github.com/mprunet/cve-2024-32002-malicious	POC详情
69	None	https://github.com/mprunet/cve-2024-32002-pull	POC详情
70	None	https://github.com/chrisWalker11/CVE-2024-32002	POC详情
71	RCE through git recursive cloning.	https://github.com/h3xm4n/CVE-2024-32002	POC详情
72	adapting CVE-2024-32002 for running offline and locally	https://github.com/chrisWalker11/running-CVE-2024-32002-locally-for-tesing	POC详情
73	POC	https://github.com/sanan2004/CVE-2024-32002	POC详情
74	None	https://github.com/FlojBoj/CVE-2024-32002	POC详情
75	This is the main repository for CVE 2024-32002, and requires recursive cloning because it contains the submodels necessary for execution.	https://github.com/JJoosh/CVE-2024-32002	POC详情
76	git clone rce CVE-2024-32002	https://github.com/EQSTLab/git_rce	POC详情
77	This is a demo for CVE-2024-32002 POC	https://github.com/Masamuneee/hook	POC详情
78	This is a demo for CVE-2024-32002 POC	https://github.com/Masamuneee/CVE-2024-32002-POC	POC详情
79	Proof of Concept for CVE-2024-32002	https://github.com/th4s1s/CVE-2024-32002-PoC	POC详情
80	hihihihaa	https://github.com/Julian-gmz/hook_CVE-2024-32002	POC详情
81	None	https://github.com/grecosamuel/CVE-2024-32002	POC详情
82	CVE-2024-32002 是 Git 中的一个严重漏洞，允许攻击者在用户执行 git clone 操作时远程执行任意代码（RCE）。	https://github.com/XiaomingX/CVE-2024-32002-poc	POC详情
83	CVE-2024-32002 是 Git 中的一个严重漏洞，允许攻击者在用户执行 git clone 操作时远程执行任意代码（RCE）。	https://github.com/XiaomingX/cve-2024-32002-poc	POC详情
84	Just small script to exploit CVE-2024-32002	https://github.com/SpycioKon/CVE-2024-32002	POC详情
85	An example of a repo that would make use of the CVE-2024-32002	https://github.com/jolibb55/donald	POC详情
86	None	https://github.com/Katherine-song/CVE-2024-32002	POC详情
87	Este script demuestra cómo explotar la vulnerabilidad CVE-2024-32002 para obtener una reverse shell, proporcionando acceso remoto al sistema afectado. Úselo con precaución en entornos controlados y solo con fines educativos o de pruebas de seguridad.	https://github.com/YukaFake/CVE-2024-32002-Reverse-Shell	POC详情
88	This is the main repository for CVE 2024-32002, and requires recursive cloning because it contains the submodels necessary for execution.	https://github.com/YukaFake/CVE-2024-32002	POC详情
89	Repository for demonstrating CVE-2024-32002	https://github.com/razenkovv/captain	POC详情
90	Repository for demonstrating CVE-2024-32002 - 2	https://github.com/razenkovv/hook	POC详情
91	This repository contains a PoC for exploiting CVE-2024-32002, a vulnerability in Git that allows RCE during a git clone operation. By crafting repositories with submodules in a specific way, an attacker can exploit symlink handling on case-insensitive filesystems to write files into the .git/ directory, leading to the execution of malicious hooks.	https://github.com/ashutosh0408/CVE-2024-32002	POC详情
92	This repository contains a PoC for exploiting CVE-2024-32002, a vulnerability in Git that allows RCE during a git clone operation. By crafting repositories with submodules in a specific way, an attacker can exploit symlink handling on case-insensitive filesystems to write files into the .git/ directory, leading to the execution of malicious hooks.	https://github.com/ashutosh0408/Cve-2024-32002-poc	POC详情
93	cve-2024-32002	https://github.com/Dre4m017/fuzzy	POC详情
94	None	https://github.com/JoaoLeonello/cve-2024-32002-poc	POC详情
95	None	https://github.com/srakkk/cve-2024-32002-demo	POC详情
96	None	https://github.com/srakkk/cve-2024-32002-hook	POC详情
97	None	https://github.com/mystxcal/cve-2024-32002-demo	POC详情
98	none	https://github.com/BasyacatX/CVE-2024-32002-PoC_Chinese	POC详情
99	CVE-2024-32002 是 Git 中的一个严重漏洞，允许攻击者在用户执行 git clone 操作时远程执行任意代码（RCE）。	https://github.com/BohemianHacks/CVE-2024-32002-poc	POC详情
100	Submodule repo for Backup Exec CVE-2024-32002 exploit	https://github.com/DayDayDayDreaming/backup-exec-hook	POC详情
101	Superproject repo for Backup Exec CVE-2024-32002 exploit	https://github.com/DayDayDayDreaming/backup-exec-cve-32002	POC详情

AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2024-32002 的情报信息

Please 登录 to view more intelligence information

四、漏洞 CVE-2024-32002 的评论

暂无评论

支持本站 — 捐款将帮助我们持续运营

一、漏洞 CVE-2024-32002 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2024-32002 的公开POC

三、漏洞 CVE-2024-32002 的情报信息

四、漏洞 CVE-2024-32002 的评论

发表评论

支持本站 — 捐款将帮助我们持续运营

一、 漏洞 CVE-2024-32002 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2024-32002 的公开POC

三、漏洞 CVE-2024-32002 的情报信息

四、漏洞 CVE-2024-32002 的评论

发表评论

一、漏洞 CVE-2024-32002 基础信息