Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-48384 PoC — Git allows arbitrary code execution through broken config quoting

Source
https://github.com/vinieger/vinieger-CVE-2025-48384-Dockerfile
Associated Vulnerability
Title:Git allows arbitrary code execution through broken config quoting (CVE-2025-48384)
Description:Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
Description
PoC dockerfile image for CVE-2025-48384
Readme
# vinieger-CVE-2025-48384-Dockerfile
This provised a PoC dockerfile image for CVE-2025-48384, related to https://github.com/vinieger/CVE-2025-48384, so it can be tested inside a Kubernetes cluster.

## Deploying it to GKE:


Building and Publishing to GCP registry:
> change `your registry path`
```
IMAGE="<your registry path>/alpine-cve-2025-48384:latest"

# Build and push
docker build -t $IMAGE .
docker push $IMAGE

# Check it's there
gcloud artifacts docker images list <your registry path>
```

save `alpine-cve-2025-48384-deployment.yaml`
> change `your registry path`
``` yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: alpine-cve-2025-48384
spec:
  replicas: 1
  selector:
    matchLabels:
      app: alpine-cve-2025-48384
  template:
    metadata:
      labels:
        app: alpine-cve-2025-48384
    spec:
      containers:
      - name: alpine-cve-2025-48384
        image: <your registry path>/alpine-cve-2025-48384:latest
```


Deploying to GKE:
```
kubectl apply -f alpine-cve-2025-48384-deployment.yaml
```
File Snapshot

 [4.0K]  /data/pocs/14fee874136d2e4c0e09d4644bff53c2acd0a39c
├── [ 706]  Dockerfile
└── [1.0K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →