VDB

CVE-2021-40330

CVE-2021-40330 PUBLISHED CVSS 5 MEDIUM

git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.

EPSS 0.54% · 67.9th percentile

Risk Scores

CVSS 2.0
5
EPSS Score
0.54%
67.9th percentile

Affected Products

VendorProductVersions
debiandebian_linux10.0
git-scmgit0
n/an/an/a

Timeline

  • Aug 31, 2021 CVE Published
  • Aug 31, 2021 EPSS Score
  • Oct 28, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 21, 2022 EPSS Score
  • Apr 20, 2022 EPSS Score
  • Jun 17, 2022 EPSS Score
  • Aug 15, 2022 EPSS Score
  • Dec 9, 2022 EPSS Score
  • Feb 5, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›