The National Cyber Security Centre SK-CERT warns of critical vulnerabilities in Git system that could be exploited by attackers for remote code execution.
Git is a distributed revision control tool. Git is a popular open-source tool used worldwide.
Critical vulnerabilities are tracked as CVE-2022-23521 and CVE-2022-41903. The vulnerabilities allow an unauthenticated attacker to execute code remotely. Both vulnerabilities have been assigned a CVSS score of 9.8.
The following versions of Git system are affected:
Regarding the mentioned vulnerabilities, the National Cyber Security Centre SK-CERT recommends the following to all operators of vulnerable systems:
- check and update Git to the latest versions where these vulnerabilities are already patched,
- check and update all systems that use Git (e.g. GitLab, which has also released a patch),
- in the event of a cybersecurity incident detection, report the incident to the National Cyber Security Centre SK-CERT at [email protected].
« Späť na zoznam