{"id":"AZL-42022","summary":"CVE-2024-32004 affecting package git for versions less than 2.39.4-1","details":"Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.","modified":"2026-04-01T05:14:26.222006Z","published":"2024-05-14T19:15:11Z","upstream":["CVE-2024-32004"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32004"}],"affected":[{"package":{"name":"git","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/git"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.39.4-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42022.json"}}],"schema_version":"1.7.5"}