{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2023-29007","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2023-03-29T17:39:16.142Z","datePublished":"2023-04-25T20:09:52.182Z","dateUpdated":"2025-11-04T16:10:07.750Z"},"containers":{"cna":{"title":"Arbitrary configuration injection via `git submodule deinit`","problemTypes":[{"descriptions":[{"cweId":"CWE-74","lang":"en","description":"CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"name":"https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844","tags":["x_refsource_CONFIRM"],"url":"https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844"},{"name":"https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4","tags":["x_refsource_MISC"],"url":"https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4"},{"name":"https://github.com/git/git/blob/9ce9dea4e1c2419cca126d29fa7730baa078a11b/Documentation/RelNotes/2.30.9.txt","tags":["x_refsource_MISC"],"url":"https://github.com/git/git/blob/9ce9dea4e1c2419cca126d29fa7730baa078a11b/Documentation/RelNotes/2.30.9.txt"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/"},{"url":"https://security.gentoo.org/glsa/202312-15"},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html"}],"affected":[{"vendor":"git","product":"git","versions":[{"version":"< 2.30.9","status":"affected"},{"version":">= 2.31.0, < 2.31.8","status":"affected"},{"version":">= 2.32.0, < 2.32.7","status":"affected"},{"version":">= 2.33.0, < 2.33.8","status":"affected"},{"version":">= 2.34.0, < 2.34.8","status":"affected"},{"version":">= 2.35.0, < 2.35.8","status":"affected"},{"version":">= 2.36.0, < 2.36.6","status":"affected"},{"version":">= 2.37.0, < 2.37.7","status":"affected"},{"version":">= 2.38.0, < 2.38.5","status":"affected"},{"version":">= 2.39.0, < 2.39.3","status":"affected"},{"version":">= 2.40.0, < 2.40.1","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2024-06-26T10:05:57.735Z"},"descriptions":[{"lang":"en","value":"Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`."}],"source":{"advisory":"GHSA-v48j-4xgg-4844","discovery":"UNKNOWN"}},"adp":[{"title":"CVE Program Container","references":[{"name":"https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844","tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844"},{"name":"https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4"},{"name":"https://github.com/git/git/blob/9ce9dea4e1c2419cca126d29fa7730baa078a11b/Documentation/RelNotes/2.30.9.txt","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/git/git/blob/9ce9dea4e1c2419cca126d29fa7730baa078a11b/Documentation/RelNotes/2.30.9.txt"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/","tags":["x_transferred"]},{"url":"https://security.gentoo.org/glsa/202312-15","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00009.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T16:10:07.750Z"}}]},"dataVersion":"5.2"}