Git 2.45.1 fixes the following vulnerabilities:

  • CVE-2024-32002 (critical, Windows and macOS): Git repositories with submodules might cause the .git directory to be modified, e.g. to add/override some hooks
  • CVE-2024-32004 (high, multi-user machines): Remote Code Execution while cloning specially crafted local repositories
  • CVE-2024-32465 (high, all setups): Protections for cloning untrusted repositories can be bypassed
  • CVE-2024-32020 (low, multi-user machines): Cloning a local repository owned by an untrusted user allows that user to modify objects in the cloned repository at will
  • CVE-2024-32021 (low, multi-user machines): Local clone may hardlink arbitrary user-readable files into the new repository’s “objects/” directory

We recommend updating to this version:

  • install Git 2.45.1
  • select that Git executable in SmartGit’s preferences, on the page Git executables