You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2024 32020
About this tag
CVE-2024-32020 is a security vulnerability in Git's local clone optimization. When a repository is cloned locally on the same filesystem, Git creates hardlinks to objects in the source repository. These hardlinks remain writable by the original repository owner, allowing an untrusted user who controls the source to modify objects in the clone. Microsoft's advisory notes that Azure Linux includes the affected Git library and is potentially impacted. The vulnerability highlights a risk in Git's performance-enhancing behavior, particularly in multi-user environments where local clones are used. Discussions on WindowsForum cover the technical details, implications for Azure Linux, and mitigation strategies.
A surprising and quietly dangerous edge-case in Git’s local clone optimization has been tracked as CVE-2024-32020: when a repository is cloned locally (source and target on the same filesystem), Git’s speed-saving behavior can create hardlinks into the new clone’s object store that remain...