CVE-2024-32002
Description
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via git config --global core.symlinks false), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
POC
Reference
No PoCs from references.
GitHub
- https://github.com/0day404/HV-2024-POC
- https://github.com/0xMarcio/cve
- https://github.com/10cks/CVE-2024-32002-EXP
- https://github.com/10cks/CVE-2024-32002-POC
- https://github.com/10cks/CVE-2024-32002-hulk
- https://github.com/10cks/CVE-2024-32002-linux-hulk
- https://github.com/10cks/CVE-2024-32002-linux-submod
- https://github.com/10cks/CVE-2024-32002-submod
- https://github.com/10cks/hook
- https://github.com/12442RF/POC
- https://github.com/1mxml/CVE-2024-32002-poc
- https://github.com/431m/rcetest
- https://github.com/AD-Appledog/CVE-2024-32002
- https://github.com/AD-Appledog/wakuwaku
- https://github.com/AboSteam/POPC
- https://github.com/AkihiroSuda/vexllm
- https://github.com/Anomaly-8/ZPOZAS_lab2
- https://github.com/BahrainMobilityInternational/BMI-02
- https://github.com/Basyaact/CVE-2024-32002-PoC_Chinese
- https://github.com/CrackerCat/CVE-2024-32002_EXP
- https://github.com/DMW11525708/wiki
- https://github.com/Dgporte/ExerciciosDockerPB2025
- https://github.com/Dre4m017/fuzzy
- https://github.com/EQSTLab/git_rce
- https://github.com/EQSTLab/hook
- https://github.com/FlojBoj/CVE-2024-32002
- https://github.com/Gandhiprakash07/Trail01
- https://github.com/GhostTroops/TOP
- https://github.com/Goplush/CVE-2024-32002-git-rce
- https://github.com/Hector65432/cve-2024-32002-1
- https://github.com/Hector65432/cve-2024-32002-2
- https://github.com/IK-20211125/CVE-2025-48384
- https://github.com/JJoosh/CVE-2024-32002
- https://github.com/JJoosh/CVE-2024-32002-Reverse-Shell
- https://github.com/JakobTheDev/cve-2024-32002-poc-aw
- https://github.com/JakobTheDev/cve-2024-32002-poc-rce
- https://github.com/JakobTheDev/cve-2024-32002-submodule-aw
- https://github.com/JakobTheDev/cve-2024-32002-submodule-rce
- https://github.com/JoaoLeonello/cve-2024-32002-poc
- https://github.com/Julian-gmz/hook_CVE-2024-32002
- https://github.com/Lern0n/Lernon-POC
- https://github.com/Leviticus-Triage/ChromSploit-Framework
- https://github.com/Linxloop/fork_POC
- https://github.com/LoongBa/ReplaceAllGit
- https://github.com/M507/CVE-2024-32002
- https://github.com/Masamuneee/CVE-2024-32002-POC
- https://github.com/Masamuneee/hook
- https://github.com/NishanthAnand21/CVE-2024-32002-PoC
- https://github.com/O-Carneiro/cve_2024_32002_hook
- https://github.com/O-Carneiro/cve_2024_32002_rce
- https://github.com/PierrunoYT/ai-code-reviewer
- https://github.com/Reh46/WEB1
- https://github.com/Roronoawjd/git_rce
- https://github.com/Roronoawjd/hook
- https://github.com/SpycioKon/CVE-2024-32002
- https://github.com/Sriramv1979/sriscreener
- https://github.com/TSY244/CVE-2024-32002-git-rce
- https://github.com/TSY244/CVE-2024-32002-git-rce-father-poc
- https://github.com/VuNgocTan/rce_on_git
- https://github.com/WOOOOONG/CVE-2024-32002
- https://github.com/WOOOOONG/hook
- https://github.com/WOOOOONG/submod
- https://github.com/WhosGa/MyWiki
- https://github.com/XiaomingX/cve-2024-32002-poc
- https://github.com/Yuan08o/pocs
- https://github.com/YuanlooSec/CVE-2024-32002-poc
- https://github.com/YukaFake/CVE-2024-32002
- https://github.com/YukaFake/CVE-2024-32002-Reverse-Shell
- https://github.com/Z3r0u53r/hehe
- https://github.com/Zhang-Yiiliin/test_cve_2024_32002
- https://github.com/Zombie-Kaiser/Zombie-Kaiser
- https://github.com/abdulrahmanasdfghj/brubru
- https://github.com/abglnv/SH-2024-ORCH
- https://github.com/admin772/POC
- https://github.com/adminlove520/pocWiki
- https://github.com/adysec/POC
- https://github.com/aitorcastel/poc_CVE-2024-32002
- https://github.com/aitorcastel/poc_CVE-2024-32002_submodule
- https://github.com/ak-phyo/gitrce_poc
- https://github.com/alimuhammedkose/CVE-2024-32002-linux-smash
- https://github.com/amalmurali47/demo_git_rce
- https://github.com/amalmurali47/demo_hook
- https://github.com/amalmurali47/git_rce
- https://github.com/amalmurali47/hook
- https://github.com/aneasystone/github-trending
- https://github.com/ashutosh0408/CVE-2024-32002
- https://github.com/ashutosh0408/Cve-2024-32002-poc
- https://github.com/bfengj/CVE-2024-32002-Exploit
- https://github.com/bfengj/CVE-2024-32002-hook
- https://github.com/bfengj/Security-Paper-Learing
- https://github.com/biswa2112/git_rce
- https://github.com/blackninja23/CVE-2024-32002
- https://github.com/bonnettheo/CVE-2024-32002
- https://github.com/botaktrade/ExnessID.com
- https://github.com/charlesgargasson/CVE-2024-32002
- https://github.com/charlesgargasson/charlesgargasson
- https://github.com/chrisWalker11/running-CVE-2024-32002-locally-for-tesing
- https://github.com/chunnni/cicd_git_rce
- https://github.com/cisp-pte/POC-20241008-sec-fork
- https://github.com/coffeescholar/ReplaceAllGit
- https://github.com/cojoben/git_rce
- https://github.com/daemon-reconfig/CVE-2024-32002
- https://github.com/dzx825/32002
- https://github.com/eeeeeeeeee-code/POC
- https://github.com/fadhilthomas/hook
- https://github.com/fadhilthomas/poc-cve-2024-32002
- https://github.com/grecosamuel/CVE-2024-32002
- https://github.com/greenberglinken/2023hvv_1
- https://github.com/happymimimix/Git-Auto-Updater
- https://github.com/iemotion/POC
- https://github.com/jafshare/GithubTrending
- https://github.com/jerrydotlam/cve-2024-32002-1
- https://github.com/jerrydotlam/cve-2024-32002-2
- https://github.com/jerrydotlam/cve-2024-32002-3
- https://github.com/johe123qwe/github-trending
- https://github.com/jweny/CVE-2024-32002_EXP
- https://github.com/jweny/CVE-2024-32002_HOOK
- https://github.com/kun-g/Scraping-Github-trending
- https://github.com/laoa1573/wy876
- https://github.com/logzio/trivy-to-logzio
- https://github.com/markuta/CVE-2024-32002
- https://github.com/markuta/hooky
- https://github.com/myseq/ms_patch_tuesday
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/oLy0/Vulnerability
- https://github.com/p1tsi/misc
- https://github.com/pkjmesra/PKScreener
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/pysnow1/gitrce
- https://github.com/reactor16/gitexpl
- https://github.com/robertsirc/sle-bci-demo
- https://github.com/safebuffer/CVE-2024-32002
- https://github.com/sampsonv/github-trending
- https://github.com/sanan2004/CVE-2024-32002
- https://github.com/seekerzz/MyRSSSync
- https://github.com/suvani-ctrl/VAPT__sample
- https://github.com/sysonlai/CVE-2024-32002-hook
- https://github.com/tanjiti/sec_profile
- https://github.com/testing-felickz/docker-scout-demo
- https://github.com/th4s1s/CVE-2024-32002-PoC
- https://github.com/th4s1s/better-sqlite
- https://github.com/tobelight/cve_2024_32002
- https://github.com/tobelight/cve_2024_32002_hook
- https://github.com/vincepsh/CVE-2024-32002
- https://github.com/vincepsh/CVE-2024-32002-hook
- https://github.com/winstest/test2
- https://github.com/wjdgnsdl213/git_rce
- https://github.com/wjdgnsdl213/hook
- https://github.com/wjlin0/poc-doc
- https://github.com/wy876/POC
- https://github.com/wy876/wiki
- https://github.com/ycdxsb/CVE-2024-32002-hulk
- https://github.com/ycdxsb/CVE-2024-32002-submod
- https://github.com/zgimszhd61/openai-sec-test-cve-quickstart
- https://github.com/zhaoxiaoha/github-trending
- https://github.com/zulloper/cve-poc