Alpine: multiple libgit2 packages: security update to 0.28.4-r0

critical Tenable Self-Hosted Container Security Plugin ID 405185

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka
'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349,
CVE-2019-1350, CVE-2019-1352, CVE-2019-1387. (CVE-2019-1354)

- An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,
v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is also exposed via the
in-stream command feature export-marks=..., and it allows overwriting arbitrary paths. (CVE-2019-1348)

- A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka
'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350,
CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. (CVE-2019-1349)

- A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka
'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349,
CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. (CVE-2019-1350)

- A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka
'Git for Visual Studio Tampering Vulnerability'. (CVE-2019-1351)

See Also

https://security.alpinelinux.org/vuln/CVE-2019-1348

https://security.alpinelinux.org/vuln/CVE-2019-1349

https://security.alpinelinux.org/vuln/CVE-2019-1350

https://security.alpinelinux.org/vuln/CVE-2019-1351

https://security.alpinelinux.org/vuln/CVE-2019-1352

https://security.alpinelinux.org/vuln/CVE-2019-1353

https://security.alpinelinux.org/vuln/CVE-2019-1354

https://security.alpinelinux.org/vuln/CVE-2019-1387

Plugin Details

Severity: Critical

ID: 405185

Version: Revision 1.26

Type: Local

Published: 10/31/2023

Updated: 12/4/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-1354

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2019-1353

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/10/2019

Reference Information

CVE: CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, CVE-2019-1387