Git Users Urged to Update Software to Prevent Execution of Remote Code

The maintainers of the Git source code version control system have issued updates to address two critical vulnerabilities that could be exploited by an adversary to execute arbitrary code remotely.

Git versions v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.2, and v2.39.0 are affected by CVE-2022-23521 and CVE-2022-41903.

Patched versions include v2.30.7, v2.31.6, v2.32.5, v2.33.6, v2.34.6, v2.35.6, v2.36.4, v2.37.5, and v2.39.1. Markus Vervier and Eric Sesterhenn of X41 D-Sec and Joern Schneeweisz of GitLab are credited with reporting the vulnerabilities.

“The most severe vulnerability discovered allows an attacker to cause heap-based memory corruption during clone or pull operations, which could lead to code execution,” the German cybersecurity firm said of CVE-2022-23521.

CVE-2022-41903, likewise a critical flaw, is triggered during an archive operation, resulting in code execution via an integer overflow flaw that occurs when formatting the commit logs.

In addition, X41 D-Sec identified a large number of integer-related issues that could lead to denial-of-service situations, out-of-bounds reads, or poorly handled corner cases on large input.

Git recommends that users disable “git archive” in untrusted repositories as a mitigation for CVE-2022-41903 in situations where updating to the latest version is not possible.

In a coordinated advisory, GitLab announced that it has released versions 15.7.5, 15.6.6, and 15.5.9 of GitLab Community Edition (CE) and Enterprise Edition (EE) to address the vulnerabilities, and urged customers to apply the fixes immediately.
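To triage a fleet against the patched Git releases listed above, the following added example (not code from the Git project or the article) classifies `git --version` output per maintenance track. The host names and sample outputs are constructed, and treating tracks newer than 2.39 as fixed and tracks older than 2.30 as vulnerable is an assumption.

```python
import re

# Fixed release per maintenance track, from the article's patched-version list.
PATCHED = {
    (2, 30): 7, (2, 31): 6, (2, 32): 5, (2, 33): 6, (2, 34): 6,
    (2, 35): 6, (2, 36): 4, (2, 37): 5, (2, 39): 1,
}
OLDEST, NEWEST = min(PATCHED), max(PATCHED)

def classify(version_output):
    """Return 'patched', 'vulnerable' or 'unknown' for one `git --version` line."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        return "unknown"      # empty or unparsable output: needs manual review
    major, minor, patch = map(int, m.groups())
    track = (major, minor)
    if track > NEWEST:
        return "patched"      # assumption: later tracks carry the fixes
    if track < OLDEST:
        return "vulnerable"   # assumption: older than every fixed track listed
    if track not in PATCHED:
        return "unknown"      # 2.38: the article names no fixed release
    return "patched" if patch >= PATCHED[track] else "vulnerable"

def hosts_needing_action(inventory):
    """Map host -> status for every host that is not confirmed patched."""
    result = {}
    for host, output in inventory.items():
        status = classify(output)
        if status != "patched":
            result[host] = status
    return result

# Constructed inventory: hypothetical hosts with sample `git --version` output.
SAMPLE = {
    "build-01": "git version 2.39.1",
    "build-02": "git version 2.37.4",
    "dev-win": "git version 2.39.0.windows.1",
    "ci-old": "git version 2.25.1",
    "ci-238": "git version 2.38.2",
    "runner": "git version 2.40.0",
    "broken": "",
}

if __name__ == "__main__":
    for host, status in sorted(hosts_needing_action(SAMPLE).items()):
        print(f"{host}: {status}")
```

Distribution packages may backport the fixes under an older upstream version number, so confirm a "vulnerable" result for a vendor build against the vendor's own advisory.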

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.
