CVE-2024-32002 RCE PoC
by HA_twck - Monday July 29, 2024 at 09:38 AM
#1
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. 
If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

Hidden Content
You must register or login to view this content.

PS: I dont own source; only sharing for those who need.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [Sell] Calix GPON - Preauth RCE 0day ericki 1 286 06-29-2026, 06:41 AM
Last Post: johnmalkovich1202
  new wordpress website takeover vuln (video + poc ) zinzeur 312 27,280 03-28-2026, 02:43 AM
Last Post: toshi99
  [POC] Google OAuth "MultiLogin" endpoint 0-day Farfallaiero 106 13,203 02-10-2026, 03:34 PM
Last Post: birhikayemvar
  Cool Remote Patching ETW/Amsi PoC pepeloco 6 2,094 02-08-2026, 07:58 AM
Last Post: zeroday99
  CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC miyako 3 76 02-07-2026, 03:32 PM
Last Post: cysc



 Users browsing this thread: 1 Guest(s)