{"schema_version":"1.7.2","id":"OESA-2021-1345","modified":"2021-09-18T11:03:12Z","published":"2021-09-18T11:03:12Z","upstream":["CVE-2021-40330"],"summary":"git security update","details":"Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.\n\nGit is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and ClearCase with features like cheap local branching, convenient staging areas, and multiple workflows.\r\n\r\nSecurity Fix(es):\r\n\r\ngit_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.(CVE-2021-40330)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"git","purl":"pkg:rpm/openEuler/git\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-5.oe1"}]}],"ecosystem_specific":{"aarch64":["git-2.27.0-5.oe1.aarch64.rpm","git-debuginfo-2.27.0-5.oe1.aarch64.rpm","git-daemon-2.27.0-5.oe1.aarch64.rpm","git-debugsource-2.27.0-5.oe1.aarch64.rpm"],"noarch":["git-svn-2.27.0-5.oe1.noarch.rpm","git-gui-2.27.0-5.oe1.noarch.rpm","git-web-2.27.0-5.oe1.noarch.rpm","gitk-2.27.0-5.oe1.noarch.rpm","git-help-2.27.0-5.oe1.noarch.rpm","git-email-2.27.0-5.oe1.noarch.rpm","perl-Git-2.27.0-5.oe1.noarch.rpm","perl-Git-SVN-2.27.0-5.oe1.noarch.rpm"],"src":["git-2.27.0-5.oe1.src.rpm"],"x86_64":["git-debugsource-2.27.0-5.oe1.x86_64.rpm","git-daemon-2.27.0-5.oe1.x86_64.rpm","git-2.27.0-5.oe1.x86_64.rpm","git-debuginfo-2.27.0-5.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP2","name":"git","purl":"pkg:rpm/openEuler/git\u0026distro=openEuler-20.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-5.oe1"}]}],"ecosystem_specific":{"aarch64":["git-2.27.0-5.oe1.aarch64.rpm","git-debuginfo-2.27.0-5.oe1.aarch64.rpm","git-daemon-2.27.0-5.oe1.aarch64.rpm","git-debugsource-2.27.0-5.oe1.aarch64.rpm"],"noarch":["git-email-2.27.0-5.oe1.noarch.rpm","git-web-2.27.0-5.oe1.noarch.rpm","git-gui-2.27.0-5.oe1.noarch.rpm","git-help-2.27.0-5.oe1.noarch.rpm","perl-Git-2.27.0-5.oe1.noarch.rpm","git-svn-2.27.0-5.oe1.noarch.rpm","gitk-2.27.0-5.oe1.noarch.rpm","perl-Git-SVN-2.27.0-5.oe1.noarch.rpm"],"src":["git-2.27.0-5.oe1.src.rpm"],"x86_64":["git-debuginfo-2.27.0-5.oe1.x86_64.rpm","git-daemon-2.27.0-5.oe1.x86_64.rpm","git-2.27.0-5.oe1.x86_64.rpm","git-debugsource-2.27.0-5.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1345"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40330"}],"database_specific":{"severity":"High"}}