Git 2.45.1 fixes the following vulnerabilities:
- CVE-2024-32002 (critical, Windows and macOS): Git repositories with submodules might cause the .git directory to be modified, e.g. to add/override some hooks
- CVE-2024-32004 (high, multi-user machines): Remote Code Execution while cloning specially crafted local repositories
- CVE-2024-32465 (high, all setups): Protections for cloning untrusted repositories can be bypassed
- CVE-2024-32020 (low, multi-user machines): Cloning a local repository owned by an untrusted user allows that user to modify objects in the cloned repository at will
- CVE-2024-32021 (low, multi-user machines): Local clone may hardlink arbitrary user-readable files into the new repository’s “objects/” directory
We recommend updating to this version:
- install Git 2.45.1
- select that Git executable in SmartGit’s preferences, page Git executables