Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2024-32002

Description

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

POC

Reference

No PoCs from references.

Github

- https://github.com/0day404/HV-2024-POC

- https://github.com/0xMarcio/cve

- https://github.com/10cks/CVE-2024-32002-EXP

- https://github.com/10cks/CVE-2024-32002-POC

- https://github.com/10cks/CVE-2024-32002-hulk

- https://github.com/10cks/CVE-2024-32002-linux-hulk

- https://github.com/10cks/CVE-2024-32002-linux-submod

- https://github.com/10cks/CVE-2024-32002-submod

- https://github.com/10cks/hook

- https://github.com/12442RF/POC

- https://github.com/1mxml/CVE-2024-32002-poc

- https://github.com/431m/rcetest

- https://github.com/AD-Appledog/CVE-2024-32002

- https://github.com/AD-Appledog/wakuwaku

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/AboSteam/POPC

- https://github.com/AkihiroSuda/vexllm

- https://github.com/Anomaly-8/ZPOZAS_lab2

- https://github.com/BahrainMobilityInternational/BMI-02

- https://github.com/Basyaact/CVE-2024-32002-PoC_Chinese

- https://github.com/CrackerCat/CVE-2024-32002_EXP

- https://github.com/DMW11525708/wiki

- https://github.com/Dgporte/ExerciciosDockerPB2025

- https://github.com/Disseminator/Poc_CVEs

- https://github.com/Dre4m017/fuzzy

- https://github.com/EQSTLab/git_rce

- https://github.com/EQSTLab/hook

- https://github.com/EQSTSeminar/git_rce

- https://github.com/EQSTSeminar/hook

- https://github.com/FlojBoj/CVE-2024-32002

- https://github.com/Gandhiprakash07/Trail01

- https://github.com/GhostTroops/TOP

- https://github.com/Goplush/CVE-2024-32002-git-rce

- https://github.com/Hector65432/cve-2024-32002-1

- https://github.com/Hector65432/cve-2024-32002-2

- https://github.com/Hiddenleaf07/pknew

- https://github.com/IK-20211125/CVE-2025-48384

- https://github.com/JJoosh/CVE-2024-32002

- https://github.com/JJoosh/CVE-2024-32002-Reverse-Shell

- https://github.com/JakobTheDev/cve-2024-32002-poc-aw

- https://github.com/JakobTheDev/cve-2024-32002-poc-rce

- https://github.com/JakobTheDev/cve-2024-32002-submodule-aw

- https://github.com/JakobTheDev/cve-2024-32002-submodule-rce

- https://github.com/JiaoSuInfoSec/JiaoSuInfoSec_T00ls_Win11

- https://github.com/JoaoLeonello/cve-2024-32002-poc

- https://github.com/Julian-gmz/hook_CVE-2024-32002

- https://github.com/Lern0n/Lernon-POC

- https://github.com/Leviticus-Triage/ChromSploit-Framework

- https://github.com/Linxloop/fork_POC

- https://github.com/LoongBa/ReplaceAllGit

- https://github.com/M507/CVE-2024-32002

- https://github.com/Masamuneee/CVE-2024-32002-POC

- https://github.com/Masamuneee/hook

- https://github.com/NishanthAnand21/CVE-2024-32002-PoC

- https://github.com/O-Carneiro/cve_2024_32002_hook

- https://github.com/O-Carneiro/cve_2024_32002_rce

- https://github.com/PierrunoYT/ai-code-reviewer

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/Reh46/WEB1

- https://github.com/Roronoawjd/git_rce

- https://github.com/Roronoawjd/hook

- https://github.com/SpycioKon/CVE-2024-32002

- https://github.com/Sriramv1979/sriscreener

- https://github.com/TSY244/CVE-2024-32002-git-rce

- https://github.com/TSY244/CVE-2024-32002-git-rce-father-poc

- https://github.com/VuNgocTan/rce_on_git

- https://github.com/WOOOOONG/CVE-2024-32002

- https://github.com/WOOOOONG/hook

- https://github.com/WOOOOONG/submod

- https://github.com/Warren-Jace/poc-doc

- https://github.com/WhosGa/MyWiki

- https://github.com/XiaomingX/cve-2024-32002-poc

- https://github.com/Yuan08o/pocs

- https://github.com/YuanlooSec/CVE-2024-32002-poc

- https://github.com/YukaFake/CVE-2024-32002

- https://github.com/YukaFake/CVE-2024-32002-Reverse-Shell

- https://github.com/Z3r0u53r/hehe

- https://github.com/Zhang-Yiiliin/test_cve_2024_32002

- https://github.com/Zombie-Kaiser/Zombie-Kaiser

- https://github.com/abdulrahmanasdfghj/brubru

- https://github.com/abglnv/SH-2024-ORCH

- https://github.com/admin772/POC

- https://github.com/adminlove520/pocWiki

- https://github.com/adysec/POC

- https://github.com/aitorcastel/poc_CVE-2024-32002

- https://github.com/aitorcastel/poc_CVE-2024-32002_submodule

- https://github.com/ak-phyo/gitrce_poc

- https://github.com/amalmurali47/demo_git_rce

- https://github.com/amalmurali47/demo_hook

- https://github.com/amalmurali47/git_rce

- https://github.com/amalmurali47/hook

- https://github.com/aneasystone/github-trending

- https://github.com/ashutosh0408/CVE-2024-32002

- https://github.com/ashutosh0408/Cve-2024-32002-poc

- https://github.com/bfengj/CVE-2024-32002-Exploit

- https://github.com/bfengj/CVE-2024-32002-hook

- https://github.com/bfengj/Security-Paper-Learing

- https://github.com/biswa2112/git_rce

- https://github.com/blackninja23/CVE-2024-32002

- https://github.com/bonnettheo/CVE-2024-32002

- https://github.com/botaktrade/ExnessID.com

- https://github.com/charlesgargasson/CVE-2024-32002

- https://github.com/charlesgargasson/charlesgargasson

- https://github.com/chrisWalker11/running-CVE-2024-32002-locally-for-tesing

- https://github.com/chunnni/cicd_git_rce

- https://github.com/cisp-pte/POC-20241008-sec-fork

- https://github.com/coffeescholar/ReplaceAllGit

- https://github.com/cojoben/git_rce

- https://github.com/daemon-reconfig/CVE-2024-32002

- https://github.com/deficientrock/vexllm

- https://github.com/dzx825/32002

- https://github.com/eeeeeeeeee-code/POC

- https://github.com/fadhilthomas/hook

- https://github.com/fadhilthomas/poc-cve-2024-32002

- https://github.com/grecosamuel/CVE-2024-32002

- https://github.com/greenberglinken/2023hvv_1

- https://github.com/h3xm4n/CVE-2024-32002

- https://github.com/happymimimix/Git-Auto-Updater

- https://github.com/iemotion/POC

- https://github.com/jafshare/GithubTrending

- https://github.com/jerrydotlam/cve-2024-32002-1

- https://github.com/jerrydotlam/cve-2024-32002-2

- https://github.com/jerrydotlam/cve-2024-32002-3

- https://github.com/jimmysax/cicd_git_rce

- https://github.com/johe123qwe/github-trending

- https://github.com/jweny/CVE-2024-32002_EXP

- https://github.com/jweny/CVE-2024-32002_HOOK

- https://github.com/kun-g/Scraping-Github-trending

- https://github.com/laoa1573/wy876

- https://github.com/logzio/trivy-to-logzio

- https://github.com/markuta/CVE-2024-32002

- https://github.com/markuta/hooky

- https://github.com/myseq/ms_patch_tuesday

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/oLy0/Vulnerability

- https://github.com/p1tsi/misc

- https://github.com/pkjmesra/PKScreener

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/pysnow1/gitrce

- https://github.com/reactor16/gitexpl

- https://github.com/rendizi/SH-2024-ORCH

- https://github.com/robertsirc/sle-bci-demo

- https://github.com/runwhen-contrib/helm-charts

- https://github.com/safebuffer/CVE-2024-32002

- https://github.com/sampsonv/github-trending

- https://github.com/sanan2004/CVE-2024-32002

- https://github.com/seekerzz/MyRSSSync

- https://github.com/suvani-ctrl/VAPT__sample

- https://github.com/sysonlai/CVE-2024-32002-hook

- https://github.com/tanjiti/sec_profile

- https://github.com/testing-felickz/docker-scout-demo

- https://github.com/th4s1s/CVE-2024-32002-PoC

- https://github.com/th4s1s/better-sqlite

- https://github.com/tiyeume25112004/CVE-2024-32002

- https://github.com/tobelight/cve_2024_32002

- https://github.com/tobelight/cve_2024_32002_hook

- https://github.com/vincepsh/CVE-2024-32002

- https://github.com/vincepsh/CVE-2024-32002-hook

- https://github.com/winstest/test2

- https://github.com/wjdgnsdl213/git_rce

- https://github.com/wjdgnsdl213/hook

- https://github.com/wjlin0/poc-doc

- https://github.com/wooluo/POC00

- https://github.com/wy876/POC

- https://github.com/wy876/wiki

- https://github.com/ycdxsb/CVE-2024-32002-hulk

- https://github.com/ycdxsb/CVE-2024-32002-submod

- https://github.com/zgimszhd61/openai-sec-test-cve-quickstart

- https://github.com/zhaoxiaoha/github-trending

- https://github.com/zulloper/cve-poc