What's happening?

I came across this post about a critical Git vulnerability (as of May 16).

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) - Help Net Security
New versions of Git are out, with fixes for CVE-2024-32002, which can be used to remotely execute code during a “clone” operation.

This vulnerability allows Git to run malicious code just by running git clone on a crafted repository that uses Git submodules.

There is an exploitation demo here.

GitHub - safebuffer/CVE-2024-32002: CVE-2024-32002 RCE PoC

Solution

This is simple now: patches are available, and we need to update our Git.

Check version

The patched versions start from v2.39.4.

We can check our current Git version by running the command

git -v

Mine was “git version 2.39.3 (Apple Git-146)” and it needed to be updated.
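
As an added example (not part of the original post), the script below parses `git --version` output, including vendor suffixes such as the "(Apple Git-146)" above, and compares it numerically against the v2.39.4 threshold given here. The function names and the extra sample version strings are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag a Git install that is below the threshold this post gives.
# Assumption: a single minimum version, as the post states it. Git ships
# security fixes per release series, so confirm the fixed release for your
# own series in Git's release notes.
MIN_FIXED="2.39.4"

# Extract X.Y.Z from `git --version` output, ignoring vendor suffixes
# such as " (Apple Git-146)" or ".windows.1".
parse_git_version() {
    printf '%s\n' "$1" |
        sed -n 's/^git version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 if version $1 >= version $2, comparing each field as a number
# (a plain string comparison would rank 2.39.10 below 2.39.4).
version_ge() {
    a=$1 b=$2
    for i in 1 2 3; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# Exit status: 0 = at or above threshold, 1 = update needed, 2 = unparseable.
check_git_version() {
    ver=$(parse_git_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown: cannot parse '$1'"; return 2
    fi
    if version_ge "$ver" "$MIN_FIXED"; then
        echo "ok: $ver >= $MIN_FIXED"; return 0
    fi
    echo "update needed: $ver < $MIN_FIXED"; return 1
}

# Sample strings: the first is the one quoted in this post, the rest are constructed.
for sample in "git version 2.39.3 (Apple Git-146)" \
              "git version 2.39.10" \
              "git version 2.50.0.windows.1"; do
    check_git_version "$sample" || true
done

# Check the locally installed Git, if there is one.
if command -v git >/dev/null 2>&1; then
    check_git_version "$(git --version)" || true
fi
```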

Update git on macOS

We can use Homebrew to update it

# install git
brew install git

# symlink git 
brew unlink git && brew link git

Learn more about Homebrew in the blog post below:

Homebrew - One place for all
Homebrew is a package manager for macOS and Linux. Most necessary, popular, or essential packages (and programs) can be found here.

Update git in Windows

Follow this link and install

Git - Downloading Package
