Detections
Analytics

Alpine: multiple git packages, multiple perl-git packages: security update to 2.24.1-r0

critical Tenable Cloud Security Plugin ID 423957

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

 - Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2,
 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands
 found in the .gitmodules file of a malicious repository. (CVE-2019-19604)

 - An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,
 v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-
 stream command feature export-marks=... and it allows overwriting arbitrary paths. (CVE-2019-1348)

 - A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka
 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350,
 CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. (CVE-2019-1349)

 - A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka
 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349,
 CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. (CVE-2019-1350)

 - A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka
 'Git for Visual Studio Tampering Vulnerability'. (CVE-2019-1351)

See Also

https://security.alpinelinux.org/vuln/CVE-2019-1348

https://security.alpinelinux.org/vuln/CVE-2019-1349

https://security.alpinelinux.org/vuln/CVE-2019-1350

https://security.alpinelinux.org/vuln/CVE-2019-1351

https://security.alpinelinux.org/vuln/CVE-2019-1352

https://security.alpinelinux.org/vuln/CVE-2019-1353

https://security.alpinelinux.org/vuln/CVE-2019-1354

https://security.alpinelinux.org/vuln/CVE-2019-1387

https://security.alpinelinux.org/vuln/CVE-2019-19604

Plugin Details

Severity: Critical

ID: 423957

Version: Revision 1.7

Type: Local

Published: 4/4/2025

Updated: 5/30/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-19604

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2019-1353

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 12/10/2019

Reference Information

CVE: CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, CVE-2019-1387, CVE-2019-19604