CVE-2019-1353

Description

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.

How to fix CVE-2019-1353

To remediate CVE-2019-1353, upgrade the affected package to a fixed version below.

Alpine/git—upgrade to 2.22.2-r0 or later
—upgrade to 0.28.4-r0 or later
—upgrade to 1:2.24.0-2 or later

Is CVE-2019-1353 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 2.22.2-r0
from 0, < 0.28.4-r0
from 0, < 1:2.24.0-2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (2)

ADVISORYsecurity.alpinelinux.org/vuln/CVE-2019-1353
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2019-1353