How a Git Submodule & Symlink Trick Triggers Remote Code Execution (CVE‑2024‑32002)

An RCE vulnerability (CVE‑2024‑32002) in Git allows attackers to embed malicious hooks via a recursive submodule and a case‑insensitive symlink, so that cloning the repository executes arbitrary code such as launching the calculator, affecting Git versions up to 2.45.0 unless patched.

CVE-2024-32002Git HooksRemote Code Execution

0 likes · 10 min read

How a Git Submodule & Symlink Trick Triggers Remote Code Execution (CVE‑2024‑32002)

Java Tech Enthusiast

Jun 1, 2024 · Information Security

Git CVE-2024-32002 Remote Code Execution Vulnerability Analysis

The article examines Git CVE‑2024‑32002, a remote‑code‑execution flaw that lets attackers run malicious code simply by cloning a crafted repository, exploiting Git hooks, submodules and case‑insensitive symbolic‑link tricks, and advises users to verify their Git version and update to mitigate the risk.

CVE-2024-32002GitRCE

0 likes · 9 min read

Git CVE-2024-32002 Remote Code Execution Vulnerability Analysis

Java Tech Enthusiast

May 28, 2024 · Information Security

Remote Code Execution Vulnerability in Git (CVE-2024-32002) Explained

Git’s CVE‑2024‑32002 is a critical remote‑code‑execution flaw where a malicious repository can exploit hooks, submodules, and symlinks on case‑insensitive file systems to inject and run attacker‑controlled scripts during a recursive clone, affecting versions up to 2.45.0 and mitigated by disabling recursive submodule fetching, avoiding untrusted clones, and updating Git.

CVE-2024-32002GitRCE

0 likes · 9 min read

Remote Code Execution Vulnerability in Git (CVE-2024-32002) Explained