Multiple Git vulnerabilities in 2.24 and older
Learn more about the security vulnerabilities in Git 2.24 and older.

Today, the Git project released a series of security patches to address multiple security vulnerabilities in versions 2.24 and older.
These updates are highly recommended for all Git users, but they’re especially critical if you use Git on Windows[1]. If you clone untrusted repositories, there is no workaround that avoids the risk of any vulnerabilities disclosed in this post, except for updating.
If you use Git on another operating system, this update is still highly recommended. However, if you can’t update immediately, here are some things you can do to reduce your risk:
- Avoid running
git clone --recurse-submodules
andgit submodule update
with untrusted repositories. - Avoid running
git fast-import
on untrusted input streams. It’s still safe to use remote helpers that usegit fast-import
on the backend (such asgit-remote-hg
,git-p4
). - Avoid cloning untrusted repositories into NTFS mounts on any platform.
The new releases contain partial support for rejecting pushes that exploit these vulnerabilities, but some cases remain uncovered. It’s important to update, and not rely on hosting providers to block all exploits.
If you use GitHub Enterprise Server, these fixes will be included in the next patch release for all supported versions.
[1]: CVEs CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, and, CVE-2019-1354 are Windows-specific vulnerabilities that can lead to remote code execution when cloning an untrusted repository. They’re patched only in today’s security releases. CVE-2019-1352 can affect non-Windows users, but only if you mount an NTFS volume.
Tags:
Written by
Related posts

World Water Day: how GitHub Copilot is helping bring clean water to communities
From simplifying the workflow of a developer to having an impact on the global water crisis, technology and AI are reshaping the way charity: water works.

Highlights from Git 2.49
The open source Git project just released Git 2.49. Here is GitHub’s look at some of the most interesting features and changes introduced since last time.

Four steps toward building an open source community
Three maintainers talk about how they fostered their open source communities.