CVE-2021-40330 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-40330 PUBLISHED CVSS 5 MEDIUM

git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.

EPSS 0.45% · 63.3th percentile

Risk Scores

CVSS v2.0

5

EPSS Score

0.45%

63.3th percentile

Affected Products

Vendor	Product	Versions
debian	debian_linux	10.0
git-scm	git	0
n/a	n/a	n/a

Timeline

Aug 31, 2021 CVE Published
Aug 31, 2021 EPSS Score
Oct 27, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 19, 2022 EPSS Score
Apr 18, 2022 EPSS Score
Jun 14, 2022 EPSS Score
Aug 11, 2022 EPSS Score
Dec 4, 2022 EPSS Score
Jan 31, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

Open in Interactive Console →