REDHAT-BUG-2378806
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
Affected Software
Event History
Frequently Asked Questions
What is the severity of REDHAT-BUG-2378806?
The severity of REDHAT-BUG-2378806 is considered high due to its potential impact on Git's configuration handling.
How do I fix REDHAT-BUG-2378806?
To fix REDHAT-BUG-2378806, upgrade your Git version to the latest stable release beyond the affected versions.
What versions of Git are affected by REDHAT-BUG-2378806?
The affected versions of Git include 2.43.7 and versions from 2.44.0 to 2.50.0.
What kind of issue is presented in REDHAT-BUG-2378806?
REDHAT-BUG-2378806 presents an issue where Git incorrectly strips trailing carriage returns and line feeds from config values.
Can REDHAT-BUG-2378806 lead to data corruption?
Yes, incorrectly processed config values due to REDHAT-BUG-2378806 can potentially lead to data corruption in Git repositories.