CVE-2023-29007— Arbitrary configuration injection via `git submodule deinit`
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-29007
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary configuration injection via `git submodule deinit`
Source: NVD (National Vulnerability Database)
Vulnerability Description
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Git 注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Git是一套免费、开源的分布式版本控制系统。 Git存在注入漏洞。攻击者利用该漏洞可以远程执行代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2023-29007
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | PoC repository for CVE-2023-29007 | https://github.com/ethiack/CVE-2023-29007 | POC Details |
| 2 | None | https://github.com/omespino/CVE-2023-29007 | POC Details |
| 3 | None | https://github.com/x-Defender/CVE-2023-29007_win-version | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-29007
请登录查看更多情报信息。
- https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2023-29007
IV. Related Vulnerabilities
Same product: git
- CVE-2026-32631
Git for Windows: `git clone` from manipulated repositories c - CVE-2025-66413
Git for Windows leaks NTLM hash when cloning from an attacke - CVE-2025-48384
Git allows arbitrary code execution through broken config qu - CVE-2025-48385
Git alllows arbitrary file writes via bundle-uri parameter i - CVE-2025-48386
Git allows a buffer overflow in 'wincred' credential helper
Same vendor: git
- CVE-2025-48384
Git allows arbitrary code execution through broken config qu - CVE-2025-48385
Git alllows arbitrary file writes via bundle-uri parameter i - CVE-2025-48386
Git allows a buffer overflow in 'wincred' credential helper - CVE-2024-52005
The sideband payload is passed unfiltered to the terminal in - CVE-2024-50349
Git does not sanitize URLs when asking for credentials inter
Same weakness: CWE-74
- CVE-2025-67486
Dolibarr has an Authenticated Remote Code Execution via eval - CVE-2026-26164
M365 Copilot Information Disclosure Vulnerability - CVE-2026-7045
baomidou dynamic-datasource StandardEvaluationContext/SpelEx - CVE-2026-6994
Envoy Query Parameter header_mutation.cc params.add injectio - CVE-2026-41319
MailKit has STARTTLS Response Injection via unflushed stream
V. Comments for CVE-2023-29007
No comments yet