Detections
Analytics
CVE-2020-12279
critical
Description
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.
References
https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html
https://github.com/libgit2/libgit2/releases/tag/v0.99.0
https://github.com/libgit2/libgit2/releases/tag/v0.28.4
https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4
https://github.com/git/git/security/advisories/GHSA-589j-mmg9-733v