{"id":"CLSA-2023-1677095411","summary":"git: Fix of 6 CVEs","details":"- CVE-2022-41903: fix out-of-bounds write caused by integer overflow\n- CVE-2021-40330: forbid newlines in host and path\n- CVE-2022-39260: reject too long command line strings\n- CVE-2021-23521: implement size checks for .gitattributes\n- CVE-2023-22490: prevent arbitrary path exfiltration when using non-local transports\n- CVE-2023-23946: prevent git-apply from writing behind newly created symbolic links","modified":"2026-05-27T11:34:19.705187524Z","published":"2023-02-22T19:50:11Z","upstream":["CVE-2021-23521","CVE-2021-40330","CVE-2022-39260","CVE-2022-41903","CVE-2023-22490","CVE-2023-23946"],"references":[{"type":"ADVISORY","url":"https://errata.cloudlinux.com/centos8.4-els/CLSA-2023-1677095411.html"}],"affected":[{"package":{"name":"git","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/git?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2023-1677095411.json"}},{"package":{"name":"git-all","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/git-all?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2023-1677095411.json"}},{"package":{"name":"git-core","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/git-core?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2023-1677095411.json"}},{"package":{"name":"git-core-doc","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/git-core-doc?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2023-1677095411.json"}},{"package":{"name":"git-credential-libsecret","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/git-credential-libsecret?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2023-1677095411.json"}},{"package":{"name":"git-daemon","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/git-daemon?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2023-1677095411.json"}},{"package":{"name":"git-email","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/git-email?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2023-1677095411.json"}},{"package":{"name":"git-gui","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/git-gui?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2023-1677095411.json"}},{"package":{"name":"git-instaweb","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/git-instaweb?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2023-1677095411.json"}},{"package":{"name":"git-subtree","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/git-subtree?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2023-1677095411.json"}},{"package":{"name":"git-svn","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/git-svn?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2023-1677095411.json"}},{"package":{"name":"gitk","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/gitk?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2023-1677095411.json"}},{"package":{"name":"gitweb","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/gitweb?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2023-1677095411.json"}},{"package":{"name":"perl-Git","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/perl-Git?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2023-1677095411.json"}},{"package":{"name":"perl-Git-SVN","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/perl-Git-SVN?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2023-1677095411.json"}}],"schema_version":"1.7.5"}