CVE-2024-32002

Published May 14, 2024

Last updated a year ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-32002 is a vulnerability that affects Git, a widely used revision control system. It exists in versions prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. The vulnerability involves how Git handles submodules, which can be exploited to write files into the `.git/` directory instead of the intended submodule's worktree. This flaw allows an attacker to craft repositories that, when cloned, can execute a malicious hook during the cloning operation. This occurs because the attacker can write a hook script into the `.git/` directory that will run while the clone operation is still in progress, preventing the user from inspecting the code being executed.

Description
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
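A way to check a host against the fixed releases and the `core.symlinks` mitigation named in the description above. This is an added example, not part of the advisory; the function names are hypothetical, and it assumes release lines newer than 2.45 carry the fix:

```shell
#!/bin/sh
# Added example: classify a Git version against the fixed releases listed for
# CVE-2024-32002 (2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, 2.39.4).

# Prints "patched", "vulnerable" or "unknown" for a version string such as
# "git version 2.43.0" or "2.45.1.windows.1".
cve_2024_32002_status() {
    # Extract the first major.minor.patch triple from the string.
    ver=$(printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return; }
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    # Assumption: release lines newer than 2.45 include the fix.
    if [ "$major" -gt 2 ]; then echo patched; return; fi
    if [ "$major" -lt 2 ]; then echo vulnerable; return; fi
    if [ "$minor" -gt 45 ]; then echo patched; return; fi

    # First fixed patch level per 2.x release line, taken from the advisory.
    case "$minor" in
        45) fixed=1 ;; 44) fixed=1 ;; 43) fixed=4 ;; 42) fixed=2 ;;
        41) fixed=1 ;; 40) fixed=2 ;; 39) fixed=4 ;;
        *)  echo vulnerable; return ;;   # older lines: no fixed release listed
    esac
    if [ "$patch" -ge "$fixed" ]; then echo patched; else echo vulnerable; fi
}

# Report on the local installation, including the core.symlinks mitigation.
report_local_git() {
    command -v git >/dev/null 2>&1 || { echo "git not installed"; return 0; }
    echo "version:  $(git --version) -> $(cve_2024_32002_status "$(git --version)")"
    # Reads the --global scope, matching the mitigation command in the advisory.
    # "unset" means no global override, so Git's default symlink handling applies.
    echo "symlinks: $(git config --global --get core.symlinks 2>/dev/null || echo unset)"
}

report_local_git
```

The comparison uses upstream version numbers only; a distribution or vendor package can carry a backported fix under an older version string, so confirm against the vendor's advisory before treating such a host as vulnerable.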
Source: security-advisories@github.com
NVD status: Modified
Products: git

Risk scores

CVSS 3.1

Type: Primary
Base score: 9
Impact score: 6
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security-advisories@github.com: CWE-22
nvd@nist.gov: CWE-59

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 10

  1. 💉 How I achieved RCE via git clone: Journey to Exploiting CVE-2024-32002 Blog: https://t.co/b1J5dkj7Wl #infosec https://t.co/b6mbnfM2I6

    @mqst_

    19 May 2026

    5929 Impressions

    15 Retweets

    105 Likes

    55 Bookmarks

    0 Replies

    0 Quotes

  2. Top 5 Trending CVEs: 1 - CVE-2024-32002 2 - CVE-2025-20333 3 - CVE-2026-20131 4 - CVE-2026-33626 5 - CVE-2024-57726 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    27 Apr 2026

    313 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🔐 Critical RCE vulnerability (CVE-2024-32002) patched in #Git for #openSUSE Leap 15.6. Impact: Remote code execution via malicious repo. Read more: 👉 https://t.co/zpUyBSqKQv https://t.co/5uj30MNYbi

    @Cezar_H_Linux

    2 Nov 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ⚠️Security updates for Splunk SOAR ❗CVE-2024-32002 ❗CVE-2024-45230 ❗CVE-2024-21538 ➡️More info: https://t.co/exs9DHLI6E https://t.co/OkOIjAhxqd

    @CERTpy

    17 Jul 2025

    111 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  5. 💉 How I achieved RCE via git clone: Journey to Exploiting CVE-2024-32002 Blog: https://t.co/oVuIc7LFPA #infosec https://t.co/DFawFaAmop

    @mqst_

    16 Mar 2025

    3357 Impressions

    25 Retweets

    75 Likes

    28 Bookmarks

    0 Replies

    0 Quotes

  6. A critical Git vulnerability (CVE-2024-32002) enables RCE attacks via submodules, impacting Git & Visual Studio 2017. OPSWAT students analyzed patches, simulated attacks, and used MetaDefender Endpoint for mitigation. Read more: https://t.co/gbIAxyfJxT https://t.co/t8bs0gc9Zw

    @OPSWAT

    23 Dec 2024

    100 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Merry Christmas and happy holidays. I got one final writeup for the year coming at you! Compiled is a fun medium windows box that features some interesting exploitation paths. The user step revolves around a git clone CVE-2024-32002 and some lateral movement while root centers

    @0x_hackerfren

    21 Dec 2024

    190 Impressions

    0 Retweets

    8 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Compiled is a medium machine from @hackthebox_eu =>CVE-2024-32002 (a git-rce)=>abuse git clone to expose .git/ to execution context=>CVE-2024-20656=>abuse VSCode’s VSStandardCollectorService150 service -default setup as NT AUTHORITY\SYSTEM- to get a shell https://t.co

    @_kujen5

    14 Dec 2024

    20 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. New retired machine, Compiled from @hackthebox_eu. This box features CVE-2024-32002 for the initial foothold and CVE-2024-20656 for the privilege escalation. It was a great way to learn about code compilation and how Visual Studio works. https://t.co/bxnt1AfAeH

    @_KScorpio

    14 Dec 2024

    136 Impressions

    0 Retweets

    11 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. A critical vulnerability has been discovered in GitHub CLI that allows attackers to execute malicious commands on the user's system through Remote Code Execution. This vulnerability has been assigned the identifier CVE-2024-32002, affects GitHub CLI versions before 2.62.0, and poses a significant threat to… https

    @doucommunity

    18 Nov 2024

    1191 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  11. Critical vulnerability in GIT. CVE-2024-32002: allows remote code execution (RCE) simply by cloning a repository.

    @carlos_dagorret

    3 Nov 2024

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

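  12. https://t.co/yRnQgrlhjc While browsing around I came across CVE-2024-32002, an RCE vulnerability in git clone that allows code execution. It was disclosed 6 months ago, and somehow I have hardly any recollection of such a big hole. Affects git versions before 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, 2.39.4. Temporary fix: git config --global core.symlinks false. Cloning arbitrary repos is risky, so be careful, everyone on X https://t.co/ZLNVAm8QHv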

    @jokimina_

    1 Nov 2024

    117 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

Configurations