ALPINE-CVE-2019-1348

ALPINE-CVE-2019-1348 PUBLISHED CVSS 3.299999952316284 LOW

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.

Risk Scores

CVSS v3.1

3.299999952316284

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.13	git	1.8.5.3-r1, 2.0.3-r0, 1.7.9.3-r0
Alpine:v3.7	git	1.6.3.3-r0, 2.8.1-r0, 2.8.0-r1
Alpine:v3.22	git	2.16.0-r0, 2.16.1-r0, 2.16.2-r0
Alpine:v3.23	git	2.3.0-r0, 1.6.3.3-r0, 1.6.4-r0
Alpine:v3.14	git	2.2.2-r0, 2.2.1-r0, 2.16.0-r0
Alpine:v3.16	git	2.8.3-r0, 0, 1.6.0.4-r1
Alpine:v3.15	git	2.15.0-r0, 2.9.3-r0, 2.9.2-r0
Alpine:v3.20	git	1.6.1.3-r1, 1.6.0.4-r1, 1.6.0.4-r2
Alpine:v3.17	git	2.10.2-r0, 2.11.0-r0, 2.13.0-r0
Alpine:v3.18	git	1.8.4.3-r2, 1.8.5.1-r0, 1.8.5.1-r1
Alpine:v3.12	git	1.7.4.1-r0, 2.14.3-r0, 2.15.0-r0
Alpine:v3.10	git	1.7.8.3-r0, 1.7.8.2-r0, 1.7.8.1-r0
Alpine:v3.21	git	1.9.3-r0, 2.1.3-r0, 2.16.3-r0
Alpine:v3.9	git	2.0.0-r0, 1.9.2-r2, 1.9.2-r1
Alpine:v3.11	libgit2	0.28.3-r1, 0.28.3-r0, 0.28.2-r1
Alpine:v3.11	git	2.4.2-r0, 2.9.3-r0, 2.9.2-r0
Alpine:v3.19	git	1.7.11-r0, 1.7.10.4-r0, 1.7.10.2-r1
Alpine:v3.8	git	1.8.1-r0, 0, 1.6.0.4-r1

Timeline

Jan 24, 2020 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2019-1348 advisory

Open in Interactive Console →