CVE-2024-32465: 
Git vulnerability analysis and mitigation

CVE-2024-32465 is a security vulnerability in Git that allows untrusted repositories to execute arbitrary code during clone operations. The vulnerability was discovered and disclosed on May 14, 2024. It affects Git versions prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. While Git has specific protections to make cloning operations safe even with untrusted source repositories, this vulnerability allows those protections to be bypassed, particularly when dealing with repositories obtained from downloaded archives (GitHub Advisory).

The vulnerability occurs when cloning repositories obtained from untrusted sources, such as .zip files or archives. Even though Git is supposed to safely handle untrusted repositories, the vulnerability allows attackers to configure hooks that can execute arbitrary code in the context of the repository during the clone operation. This vulnerability has been assigned a CVSS v3.1 base score of 7.3 (High) with the vector string CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H (GitHub Advisory, NVD).

The vulnerability allows attackers to execute arbitrary code with the permissions of the user performing the clone operation. This is particularly concerning when users unpack and interact with Git repositories from untrusted sources, as the attacker can configure the repository to execute malicious code during normal Git operations (GitHub Advisory).

The vulnerability has been patched in Git versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, users should avoid using Git in repositories that have been obtained via archives from untrusted sources. When working with untrusted repositories, it is recommended to clone them first with git clone --no-local to obtain a clean copy (GitHub Advisory, Openwall).