Git vulnerability (CVE-2024-32002)
What's happening?
I came across this post about a critical git vulnerability (as of May 16).
This vulnerability allows git to run malicious code simply by running git clone
on a crafted repository that uses git submodules.
There is an exploitation demo here.
Solution
The fix is simple now that patches are available: we need to update git.
Check version
The patched versions start at v2.39.4.
We can check our current git version by running the command
git -v
Mine was “git version 2.39.3 (Apple Git-146)” and it needed to be updated.
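The version check above can be scripted so it also copes with vendor suffixes such as "(Apple Git-146)". This is an added example, not code from the original post: the function names and the MIN_GIT variable are assumptions, the sample strings in the comments are constructed, and it applies only the single v2.39.4 threshold given above rather than modelling separate release lines.

```shell
#!/bin/sh
# Added example: compare a `git --version` string against a minimum version.
# MIN_GIT (hypothetical variable) defaults to v2.39.4, the version named in this post.
MIN_GIT="${MIN_GIT:-2.39.4}"

# Extract the numeric x.y.z from strings such as (constructed samples):
#   "git version 2.39.3 (Apple Git-146)"  or  "git version 2.47.0.windows.1"
git_semver() {
    printf '%s\n' "$1" |
        sed -n 's/^git version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 if version $1 >= version $2, comparing each component numerically.
# A plain string comparison would wrongly rank 2.9.0 above 2.39.4.
version_ge() {
    a=$1
    b=$2
    for i in 1 2 3; do
        x=${a%%.*}
        y=${b%%.*}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        a=${a#*.}
        b=${b#*.}
    done
    return 0
}

# Return 0 if patched, 1 if an update is needed, 2 if the string is unparseable.
git_is_patched() {
    v=$(git_semver "$1")
    if [ -z "$v" ]; then return 2; fi
    version_ge "$v" "$MIN_GIT"
}

# Check the git found on PATH and print a verdict.
check_installed_git() {
    out=$(git --version) || return 2
    if git_is_patched "$out"; then
        echo "OK: $out"
    else
        echo "UPDATE NEEDED: $out (minimum $MIN_GIT)"
        return 1
    fi
}
```

Source the file and run check_installed_git to test the git on your PATH.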
Update git on macOS
We can use Homebrew to update it:
# install git
brew install git
# symlink git
brew unlink git && brew link git
Learn more about Homebrew in the blog post below:
Update git on Windows
Follow this link and install