- 1.0.0
- This version works only on a remote target with an authenticated user and an affected Git version (2.45.0).
This vulnerability affects the following Git version:
2.45.0
The PoC can trigger an RCE (Remote Command Execution) through the `git clone` command, via a specific vulnerable use of Git submodules that follow symlinks, so the environment must have `core.symlinks` set to `true` for it to work correctly.
NOTE: This can be set via `git config --global core.symlinks true`
To trigger the RCE you need to use two different repositories.
The first repository includes a submodule whose path contains a symlink to a `.git` directory.
The second repository, which is used as a submodule in the first repository, includes a malicious hook: a script called `post-checkout` containing malicious code that is run by exploiting the case-insensitive filesystem.
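For reviewing a repository before cloning it recursively, the following added example (not part of this project's code) flags the layout described above: a symlink whose path matches, ignoring case, a leading directory of a submodule path. It assumes input in the format printed by `git ls-tree -r HEAD`; the sample listing, its object ids and its paths are constructed, and the case-folded prefix match is a heuristic chosen for this example.

```python
# Added example: flag symlink/submodule path collisions that only a
# case-insensitive filesystem would merge into one directory.
# Input format: `git ls-tree -r HEAD` output (mode, type, object id, TAB, path).

SYMLINK_MODE = "120000"   # Git tree mode for a symbolic link
GITLINK_MODE = "160000"   # Git tree mode for a submodule (gitlink)

# Constructed sample listing; object ids and paths are made up for illustration.
SAMPLE_LS_TREE = "\n".join([
    "100644 blob " + "1" * 40 + "\t.gitmodules",
    "120000 blob " + "2" * 40 + "\ta",
    "160000 commit " + "3" * 40 + "\tA/modules/x",
    "160000 commit " + "4" * 40 + "\tvendor/lib",
    "120000 blob " + "5" * 40 + "\tdocs/latest",
])


def parse_ls_tree(text):
    """Return (mode, path) tuples from `git ls-tree -r` output."""
    entries = []
    for line in text.splitlines():
        if "\t" not in line:
            continue  # skip blank or malformed lines
        meta, path = line.split("\t", 1)
        fields = meta.split()
        if len(fields) == 3:
            entries.append((fields[0], path))
    return entries


def find_collisions(entries):
    """Pair each symlink with submodules whose parent directories fold onto it."""
    symlinks = [p for m, p in entries if m == SYMLINK_MODE]
    gitlinks = [p for m, p in entries if m == GITLINK_MODE]
    findings = []
    for sub in gitlinks:
        parts = sub.split("/")
        # Leading directory prefixes of the submodule path: "A", "A/modules", ...
        prefixes = ["/".join(parts[:i]) for i in range(1, len(parts))]
        for link in symlinks:
            if any(link.casefold() == p.casefold() for p in prefixes):
                findings.append((link, sub))
    return findings


if __name__ == "__main__":
    for link, sub in find_collisions(parse_ls_tree(SAMPLE_LS_TREE)):
        print(f"suspicious: symlink {link!r} shadows submodule path {sub!r}")
```

A finding is a reason to inspect the repository by hand before any recursive clone; an empty result does not prove the repository is safe.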
This is a vulnerability analysis tool for educational purposes only