cmderdev / cmder

Lovely console emulator package for Windows
https://cmder.app
MIT License
25.69k stars 2.02k forks

CVE-2024-32002 #2944

cuibty closed 1 month ago

cuibty commented 1 month ago

Version Information

Cmder version: v1.3.24
Operating system: Windows 11

https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv

Cmder Edition

Cmder Full (with Git)

Description of the issue

CVE-2024-32002

How to reproduce

No response

Additional context

CVE-2024-32002

chrisant996 commented 1 month ago

It's saying there's a security bug in git.

The mitigation would be to update the version of git included by Cmder.

DRSDavidSoft commented 1 month ago

@MartiUK Do we need to release a v1.3.25? The previously included version of git in v1.3.24 was v2.41.0.windows.3, which apparently is v2.41.0 <=v2.40.1, i.e. vulnerable according to CVE-2024-32002.

MartiUK commented 1 month ago

Yes, I think we do.

MartiUK commented 1 month ago

https://github.com/cmderdev/cmder/releases/tag/v1.3.25

DRSDavidSoft commented 1 month ago

@cuibty Fixed in https://github.com/cmderdev/cmder/releases/tag/v1.3.25