VDB
CVE-2021-40330
CVE-2021-40330
PUBLISHED
CVSS 5 MEDIUM
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
EPSS 0.54% · 67.9th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
0.54%
67.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| debian | debian_linux | 10.0 |
| git-scm | git | 0 |
| n/a | n/a | n/a |
Timeline
- Aug 31, 2021 CVE Published
- Aug 31, 2021 EPSS Score
- Oct 28, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 21, 2022 EPSS Score
- Apr 20, 2022 EPSS Score
- Jun 17, 2022 EPSS Score
- Aug 15, 2022 EPSS Score
- Dec 9, 2022 EPSS Score
- Feb 5, 2023 EPSS Score
- Mar 7, 2023 EPSS Score