CVE-2024-32002— Microsoft Visual Studio 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2024-32002の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
ソース: NVD (National Vulnerability Database)
脆弱性説明
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
对路径名的限制不恰当(路径遍历)
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Microsoft Visual Studio 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Microsoft Visual Studio是美国微软(Microsoft)公司的一款开发工具套件系列产品,也是一个基本完整的开发工具集,它包括了整个软件生命周期中所需要的大部分工具。 Microsoft Visual Studio存在安全漏洞的相关信息,请随时关注CNNVD或厂商公告。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2024-32002の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|---|---|---|
| 1 | None | https://github.com/Disseminator/CVE-2024-32002 | POC詳細 |
| 2 | A submodule for exploiting CVE-2024-32002 vulnerability. | https://github.com/markuta/hooky | POC詳細 |
| 3 | Exploit PoC for CVE-2024-32002 | https://github.com/amalmurali47/git_rce | POC詳細 |
| 4 | Hook for the PoC for exploiting CVE-2024-32002 | https://github.com/amalmurali47/hook | POC詳細 |
| 5 | local poc for CVE-2024-32002 | https://github.com/M507/CVE-2024-32002 | POC詳細 |
| 6 | CVE-2024-32002 RCE PoC | https://github.com/safebuffer/CVE-2024-32002 | POC詳細 |
| 7 | None | https://github.com/10cks/CVE-2024-32002-POC | POC詳細 |
| 8 | None | https://github.com/10cks/CVE-2024-32002-hulk | POC詳細 |
| 9 | None | https://github.com/10cks/CVE-2024-32002-submod | POC詳細 |
| 10 | None | https://github.com/10cks/CVE-2024-32002-smash | POC詳細 |
| 11 | None | https://github.com/10cks/CVE-2024-32002-linux-hulk | POC詳細 |
| 12 | None | https://github.com/10cks/CVE-2024-32002-linux-submod | POC詳細 |
| 13 | None | https://github.com/10cks/CVE-2024-32002-linux-smash | POC詳細 |
| 14 | None | https://github.com/aitorcastel/poc_CVE-2024-32002 | POC詳細 |
| 15 | None | https://github.com/aitorcastel/poc_CVE-2024-32002_submodule | POC詳細 |
| 16 | CVE-2024-32002-hook | https://github.com/10cks/hook | POC詳細 |
| 17 | None | https://github.com/jweny/CVE-2024-32002_HOOK | POC詳細 |
| 18 | None | https://github.com/jweny/CVE-2024-32002_EXP | POC詳細 |
| 19 | None | https://github.com/CrackerCat/CVE-2024-32002_EXP | POC詳細 |
| 20 | None | https://github.com/KiranKumarK20/CVE-2024-32002 | POC詳細 |
| 21 | None | https://github.com/jerrydotlam/cve-2024-32002-1 | POC詳細 |
| 22 | None | https://github.com/jerrydotlam/cve-2024-32002-2 | POC詳細 |
| 23 | None | https://github.com/jerrydotlam/cve-2024-32002-3 | POC詳細 |
| 24 | None | https://github.com/1mxml/CVE-2024-32002-poc | POC詳細 |
| 25 | CVE-2024-32002 hook POC | https://github.com/Roronoawjd/hook | POC詳細 |
| 26 | None | https://github.com/JakobTheDev/cve-2024-32002-submodule-rce | POC詳細 |
| 27 | None | https://github.com/JakobTheDev/cve-2024-32002-poc-rce | POC詳細 |
| 28 | CVE-2024-32002 POC | https://github.com/Roronoawjd/git_rce | POC詳細 |
| 29 | Este script demuestra cómo explotar la vulnerabilidad CVE-2024-32002 para obtener una reverse shell, proporcionando acceso remoto al sistema afectado. Úselo con precaución en entornos controlados y solo con fines educativos o de pruebas de seguridad. | https://github.com/JJoosh/CVE-2024-32002-Reverse-Shell | POC詳細 |
| 30 | None | https://github.com/YuanlooSec/CVE-2024-32002-poc | POC詳細 |
| 31 | None | https://github.com/bfengj/CVE-2024-32002-hook | POC詳細 |
| 32 | None | https://github.com/ycdxsb/CVE-2024-32002-hulk | POC詳細 |
| 33 | None | https://github.com/ycdxsb/CVE-2024-32002-submod | POC詳細 |
| 34 | None | https://github.com/bfengj/CVE-2024-32002-Exploit | POC詳細 |
| 35 | Repo for testing CVE-2024-32002 | https://github.com/vincepsh/CVE-2024-32002 | POC詳細 |
| 36 | CVE-2024-32002-hook | https://github.com/vincepsh/CVE-2024-32002-hook | POC詳細 |
| 37 | None | https://github.com/10cks/CVE-2024-32002-EXP | POC詳細 |
| 38 | PoC Exploit for CVE-2024-32002 | https://github.com/WOOOOONG/CVE-2024-32002 | POC詳細 |
| 39 | PoC Exploit for CVE-2024-32002 | https://github.com/WOOOOONG/hook | POC詳細 |
| 40 | poc of git rce using cve-2024-32002 | https://github.com/fadhilthomas/poc-cve-2024-32002 | POC詳細 |
| 41 | part of poc cve-2024-32002 | https://github.com/fadhilthomas/hook | POC詳細 |
| 42 | A submodule to demonstrate CVE-2024-32002. Demonstrates arbitrary write into .git. | https://github.com/JakobTheDev/cve-2024-32002-submodule-aw | POC詳細 |
| 43 | A POC for CVE-2024-32002 demonstrating arbitrary write into the .git directory. | https://github.com/JakobTheDev/cve-2024-32002-poc-aw | POC詳細 |
| 44 | None | https://github.com/markuta/CVE-2024-32002 | POC詳細 |
| 45 | None | https://github.com/Goplush/CVE-2024-32002-git-rce | POC詳細 |
| 46 | None | https://github.com/TanMolk/CVE-2024-32002-sub | POC詳細 |
| 47 | None | https://github.com/TanMolk/CVE-2024-32002 | POC詳細 |
| 48 | CVE-2024-32002wakuwaku | https://github.com/AD-Appledog/CVE-2024-32002 | POC詳細 |
| 49 | cve-2024-32002yahhh | https://github.com/AD-Appledog/wakuwaku | POC詳細 |
| 50 | https://www.cve.org/CVERecord?id=CVE-2024-32002 | https://github.com/tobelight/cve_2024_32002 | POC詳細 |
| 51 | CVE-2024-32002 poc test | https://github.com/431m/rcetest | POC詳細 |
| 52 | none | https://github.com/Basyaact/CVE-2024-32002-PoC_Chinese | POC詳細 |
| 53 | None | https://github.com/alimuhammedkose/CVE-2024-32002-linux-smash | POC詳細 |
| 54 | None | https://github.com/Hector65432/cve-2024-32002-1 | POC詳細 |
| 55 | None | https://github.com/Hector65432/cve-2024-32002-2 | POC詳細 |
| 56 | exploit for CVE-2024-32002 | https://github.com/bonnettheo/CVE-2024-32002 | POC詳細 |
| 57 | None | https://github.com/AmbroseCdMeng/CVE-2024-32002 | POC詳細 |
| 58 | None | https://github.com/AmbroseCdMeng/CVE-2024-32002-Hook | POC詳細 |
| 59 | None | https://github.com/sysonlai/CVE-2024-32002-hook | POC詳細 |
| 60 | None | https://github.com/TSY244/CVE-2024-32002-git-rce-father-poc | POC詳細 |
| 61 | None | https://github.com/TSY244/CVE-2024-32002-git-rce | POC詳細 |
| 62 | None | https://github.com/blackninja23/CVE-2024-32002 | POC詳細 |
| 63 | A Reverse shell generator for gitlab-shell vulnerability cve 2024-32002 | https://github.com/daemon-reconfig/CVE-2024-32002 | POC詳細 |
| 64 | RCE through git recursive cloning. | https://github.com/HexDoesRandomShit/CVE-2024-32002 | POC詳細 |
| 65 | GIT RCE CVE-2024-32002 | https://github.com/charlesgargasson/CVE-2024-32002 | POC詳細 |
| 66 | PoC of CVE-2024-32002 - Remote Code Execution while cloning special-crafted local repositories | https://github.com/NishanthAnand21/CVE-2024-32002-PoC | POC詳細 |
| 67 | Just small script to exploit CVE-2024-32002 | https://github.com/tiyeume25112004/CVE-2024-32002 | POC詳細 |
| 68 | None | https://github.com/mprunet/cve-2024-32002-malicious | POC詳細 |
| 69 | None | https://github.com/mprunet/cve-2024-32002-pull | POC詳細 |
| 70 | None | https://github.com/chrisWalker11/CVE-2024-32002 | POC詳細 |
| 71 | RCE through git recursive cloning. | https://github.com/h3xm4n/CVE-2024-32002 | POC詳細 |
| 72 | adapting CVE-2024-32002 for running offline and locally | https://github.com/chrisWalker11/running-CVE-2024-32002-locally-for-tesing | POC詳細 |
| 73 | POC | https://github.com/sanan2004/CVE-2024-32002 | POC詳細 |
| 74 | None | https://github.com/FlojBoj/CVE-2024-32002 | POC詳細 |
| 75 | This is the main repository for CVE 2024-32002, and requires recursive cloning because it contains the submodels necessary for execution. | https://github.com/JJoosh/CVE-2024-32002 | POC詳細 |
| 76 | git clone rce CVE-2024-32002 | https://github.com/EQSTLab/git_rce | POC詳細 |
| 77 | This is a demo for CVE-2024-32002 POC | https://github.com/Masamuneee/hook | POC詳細 |
| 78 | This is a demo for CVE-2024-32002 POC | https://github.com/Masamuneee/CVE-2024-32002-POC | POC詳細 |
| 79 | Proof of Concept for CVE-2024-32002 | https://github.com/th4s1s/CVE-2024-32002-PoC | POC詳細 |
| 80 | hihihihaa | https://github.com/Julian-gmz/hook_CVE-2024-32002 | POC詳細 |
| 81 | None | https://github.com/grecosamuel/CVE-2024-32002 | POC詳細 |
| 82 | CVE-2024-32002 是 Git 中的一个严重漏洞,允许攻击者在用户执行 git clone 操作时远程执行任意代码(RCE)。 | https://github.com/XiaomingX/CVE-2024-32002-poc | POC詳細 |
| 83 | CVE-2024-32002 是 Git 中的一个严重漏洞,允许攻击者在用户执行 git clone 操作时远程执行任意代码(RCE)。 | https://github.com/XiaomingX/cve-2024-32002-poc | POC詳細 |
| 84 | Just small script to exploit CVE-2024-32002 | https://github.com/SpycioKon/CVE-2024-32002 | POC詳細 |
| 85 | An example of a repo that would make use of the CVE-2024-32002 | https://github.com/jolibb55/donald | POC詳細 |
| 86 | None | https://github.com/Katherine-song/CVE-2024-32002 | POC詳細 |
| 87 | Este script demuestra cómo explotar la vulnerabilidad CVE-2024-32002 para obtener una reverse shell, proporcionando acceso remoto al sistema afectado. Úselo con precaución en entornos controlados y solo con fines educativos o de pruebas de seguridad. | https://github.com/YukaFake/CVE-2024-32002-Reverse-Shell | POC詳細 |
| 88 | This is the main repository for CVE 2024-32002, and requires recursive cloning because it contains the submodels necessary for execution. | https://github.com/YukaFake/CVE-2024-32002 | POC詳細 |
| 89 | Repository for demonstrating CVE-2024-32002 | https://github.com/razenkovv/captain | POC詳細 |
| 90 | Repository for demonstrating CVE-2024-32002 - 2 | https://github.com/razenkovv/hook | POC詳細 |
| 91 | This repository contains a PoC for exploiting CVE-2024-32002, a vulnerability in Git that allows RCE during a git clone operation. By crafting repositories with submodules in a specific way, an attacker can exploit symlink handling on case-insensitive filesystems to write files into the .git/ directory, leading to the execution of malicious hooks. | https://github.com/ashutosh0408/CVE-2024-32002 | POC詳細 |
| 92 | This repository contains a PoC for exploiting CVE-2024-32002, a vulnerability in Git that allows RCE during a git clone operation. By crafting repositories with submodules in a specific way, an attacker can exploit symlink handling on case-insensitive filesystems to write files into the .git/ directory, leading to the execution of malicious hooks. | https://github.com/ashutosh0408/Cve-2024-32002-poc | POC詳細 |
| 93 | cve-2024-32002 | https://github.com/Dre4m017/fuzzy | POC詳細 |
| 94 | None | https://github.com/JoaoLeonello/cve-2024-32002-poc | POC詳細 |
| 95 | None | https://github.com/srakkk/cve-2024-32002-demo | POC詳細 |
| 96 | None | https://github.com/srakkk/cve-2024-32002-hook | POC詳細 |
| 97 | None | https://github.com/mystxcal/cve-2024-32002-demo | POC詳細 |
| 98 | none | https://github.com/BasyacatX/CVE-2024-32002-PoC_Chinese | POC詳細 |
| 99 | CVE-2024-32002 是 Git 中的一个严重漏洞,允许攻击者在用户执行 git clone 操作时远程执行任意代码(RCE)。 | https://github.com/BohemianHacks/CVE-2024-32002-poc | POC詳細 |
| 100 | Submodule repo for Backup Exec CVE-2024-32002 exploit | https://github.com/DayDayDayDreaming/backup-exec-hook | POC詳細 |
| 101 | Superproject repo for Backup Exec CVE-2024-32002 exploit | https://github.com/DayDayDayDreaming/backup-exec-cve-32002 | POC詳細 |
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2024-32002のインテリジェンス情報
请登录查看更多情报信息。
- https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgvx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2024-32002
Same Patch Batch · git · 2024-05-14 · 5 CVEs total
| CVE-2024-32004 | 8.2 HIGH | Git vulnerable to Remote Code Execution while cloning special-crafted local repositories |
| CVE-2024-32465 | 7.4 HIGH | Git's protections for cloning untrusted repositories can be bypassed |
| CVE-2024-32020 | 3.9 LOW | Cloning local Git repository by untrusted user allows the untrusted user to modify objects |
| CVE-2024-32021 | 3.9 LOW | Local Git clone may hardlink arbitrary user-readable files into the new repository's "obje |
IV. 関連脆弱性
同じ製品: git
- CVE-2026-32631
Git for Windows: `git clone` from manipulated repositories c - CVE-2025-66413
Git for Windows leaks NTLM hash when cloning from an attacke - CVE-2025-48384
Git allows arbitrary code execution through broken config qu - CVE-2025-48385
Git alllows arbitrary file writes via bundle-uri parameter i - CVE-2025-48386
Git allows a buffer overflow in 'wincred' credential helper
同じベンダー: git
- CVE-2025-48384
Git allows arbitrary code execution through broken config qu - CVE-2025-48385
Git alllows arbitrary file writes via bundle-uri parameter i - CVE-2025-48386
Git allows a buffer overflow in 'wincred' credential helper - CVE-2024-52005
The sideband payload is passed unfiltered to the terminal in - CVE-2024-50349
Git does not sanitize URLs when asking for credentials inter
同じ弱点: CWE-22
- CVE-2026-44068
EA path traversal via incomplete sanitization - CVE-2026-39405
Frappe has Path Transversal via SCORM - CVE-2026-39352
Frappe has an Arbitrary File Read via Path Traversal in rend - CVE-2026-9129
Path Traversal in Altium Enterprise Server Viewer StorageCon - CVE-2026-9102
Path Traversal in Altium Enterprise Server ComparisonService
V. CVE-2024-32002へのコメント
まだコメントはありません