Warning of Critical Vulnerabilities in Git System

The National Cyber Security Centre SK-CERT warns of critical vulnerabilities in Git system that could be exploited by attackers for remote code execution.

Git is a distributed revision control tool. Git is a popular open-source tool used worldwide.

Critical vulnerabilities are tracked as CVE-2022-23521 and CVE-2022-41903. The vulnerabilities allow an unauthenticated attacker to execute code remotely. Both vulnerabilities have been assigned a CVSS score of 9.8.

The following versions of Git system are affected:

  • 30.6
  • 31.5
  • 32.4
  • 33.5
  • 34.5
  • 35.5
  • 36.3
  • 37.4
  • 38.2
  • 39.0.

Regarding the mentioned vulnerabilities, the National Cyber Security Centre SK-CERT recommends the following to all operators of vulnerable systems:

  • check and update Git to the latest versions where these vulnerabilities are already patched,
  • check and update all systems that use Git (e.g. GitLab, which has also released a patch),
  • in the event of a cybersecurity incident detection, report the incident to the National Cyber Security Centre SK-CERT at [email protected].



« Späť na zoznam