DEBIAN-CVE-2021-40330

DEBIAN-CVE-2021-40330 PUBLISHED CVSS 7.5 HIGH

git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:13	git	0, 0, 0
Debian:11	git	0, 0, 0
Debian:12	git	0, 0, 0
Debian:14	git	0, 0, 0

Timeline

Aug 31, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2021-40330 advisory

Open in Interactive Console →