CVE-2021-40330

Server-Side Request Forgery (SSRF) vulnerability in git

git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated in the git commit

Disclosure Date

2021/01/07

Credit

stypr (@stereotype32)

Affected-Versions

Git: v2.30.0 and earlier

CWE

  • CWE-918

Product-URLs
