Critical Vulnerabilities Affecting Git
18 January 2023
Git has released security updates to address two critical vulnerabilities (CVE-2022-41903 and CVE-2022-23521) affecting their product. Both vulnerabilities have a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10.
Successful exploitation could allow an attacker to trigger heap-based buffer overflows, which may result in remote code execution.
The vulnerabilities affect the following versions of Git:
v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.2, v2.39.0, and any prior versions
GitLab Community Edition (CE) and Enterprise Edition (EE) are also affected.
Administrators and users of affected versions are strongly advised to upgrade to the latest version immediately.
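To check a host against the affected-version list above, the following shell function classifies a `git --version` string; it is an added example, not part of the original advisory or of Git. It assumes each listed version is the last affected release of its 2.x maintenance track and that every track older than 2.30 is affected; the function names are illustrative, and GitLab versions are not covered.

```shell
#!/bin/sh
# Added example: classify a Git version against the advisory's affected list.
# Assumption: each listed version is the last affected release of its
# maintenance track (2.30.x to 2.39.x); tracks older than 2.30 are affected.

# Last affected patch level per 2.x track, taken from the advisory's list.
last_affected_patch() {
    case "$1" in
        30)          echo 6 ;;
        31|33|34|35) echo 5 ;;
        32|37)       echo 4 ;;
        36)          echo 3 ;;
        38)          echo 2 ;;
        39)          echo 0 ;;
        *)           return 1 ;;   # track not named in the advisory
    esac
}

# Returns 0 = affected, 1 = not in the affected list, 2 = could not parse.
git_version_affected() {
    # Accepts "git version 2.39.0.windows.1", "v2.38.2", "2.30.6", ...
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\1/p')
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$rest" in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;
    esac
    [ "$major" -lt 2 ] && return 0           # 1.x and older: "any prior versions"
    [ "$major" -gt 2 ] && return 1
    [ "$minor" -lt 30 ] && return 0          # tracks before 2.30
    last=$(last_affected_patch "$minor") || return 1   # newer than 2.39
    [ "$patch" -le "$last" ]
}

# Stand-alone use: report on the locally installed client, if there is one.
if command -v git >/dev/null 2>&1; then
    installed=$(git --version)
    rc=0; git_version_affected "$installed" || rc=$?
    case "$rc" in
        0) echo "AFFECTED: $installed" ;;
        1) echo "not in affected list: $installed" ;;
        *) echo "could not parse: $installed" ;;
    esac
fi
```
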
More information is available here:
https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/
https://about.gitlab.com/releases/2023/01/17/critical-security-release-gitlab-15-7-5-released/