ByteOS Network

NVD Vulnerability Details :

CVE-2024-52006

Analyzed

Source-security-advisories@github.com

Published At-14 Jan, 2025 | 19:15

Updated At-18 Dec, 2025 | 16:10

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems (most notably, .NET and node.js) interpret single Carriage Return characters as newlines, which renders the protections against CVE-2020-5260 incomplete for credential helpers that treat Carriage Returns in this way. This issue has been addressed in commit `b01b9b8` which is included in release versions v2.48.1, v2.47.2, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	2.1	LOW	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 4.0

Base score: 2.1

Base severity: LOW

Vector:

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CPE Matches

git>>git>>Versions before 2.40.4(exclusive)

cpe:2.3:a:git:git:*:*:*:*:*:*:*:*

git>>git>>Versions from 2.41.0(inclusive) to 2.41.3(exclusive)

cpe:2.3:a:git:git:*:*:*:*:*:*:*:*

git>>git>>Versions from 2.42.0(inclusive) to 2.42.4(exclusive)

cpe:2.3:a:git:git:*:*:*:*:*:*:*:*

git>>git>>Versions from 2.43.0(inclusive) to 2.43.6(exclusive)

cpe:2.3:a:git:git:*:*:*:*:*:*:*:*

git>>git>>Versions from 2.44.3(inclusive) to 2.44.3(exclusive)

cpe:2.3:a:git:git:*:*:*:*:*:*:*:*

git>>git>>Versions from 2.45.3(inclusive) to 2.45.3(exclusive)

cpe:2.3:a:git:git:*:*:*:*:*:*:*:*

git>>git>>Versions from 2.46.3(inclusive) to 2.46.3(exclusive)

cpe:2.3:a:git:git:*:*:*:*:*:*:*:*

git>>git>>Versions from 2.47.0(inclusive) to 2.47.2(exclusive)

cpe:2.3:a:git:git:*:*:*:*:*:*:*:*

git>>git>>2.48.0

cpe:2.3:a:git:git:2.48.0:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>11.0

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-116	Secondary	security-advisories@github.com
CWE-147	Secondary	security-advisories@github.com
CWE-150	Secondary	security-advisories@github.com

CWE ID: CWE-116

Type: Secondary

Source: security-advisories@github.com

CWE ID: CWE-147

Type: Secondary

Source: security-advisories@github.com

CWE ID: CWE-150

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g	security-advisories@github.com	Not Applicable
https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060	security-advisories@github.com	Patch
https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q	security-advisories@github.com	Not Applicable
https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp	security-advisories@github.com	Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/01/msg00025.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory