CVE-2020-12279 (CVSS 3.1 base score 9.8, CRITICAL; EPSS 5.2%)
Description
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.
How to fix CVE-2020-12279
To remediate CVE-2020-12279, upgrade the affected package to a fixed version below.
- Debian/libgit2—upgrade to 0.28.4+dfsg.1-2 or later
Is CVE-2020-12279 being exploited?
Moderate: the EPSS score is 5.2%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- Debian/libgit2: all versions from 0 up to, but not including, 0.28.4+dfsg.1-2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL (9.8) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |