Impact
By feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch).
Patches
A fix has been prepared and will appear in v2.30.9, v2.31.8, v2.32.7, v2.33.8, v2.34.8, v2.35.8, v2.36.6, v2.37.7, v2.38.5, v2.39.3 and v2.40.1.
Workarounds
Avoid using git apply with --reject when applying patches from an untrusted source. Use git apply --stat to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the *.rej file exists.
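The workaround above amounts to a pre-flight check: before applying an untrusted patch with --reject, find out which paths it touches and make sure no "<path>.rej" already exists as a symbolic link (that is the object a rejected hunk would be written through). The following POSIX shell script is an added example, not part of the advisory or of git itself. It assumes the patch uses the standard "+++ b/<path>" headers that git produces; the patch, the tree layout and the symlink in the demo are constructed inline so it runs without git.

```shell
#!/bin/sh
# Added example (not from the advisory): refuse to run `git apply --reject`
# on a patch when any "<path>.rej" in the working tree is a symbolic link.

# patch_targets PATCHFILE
#   Print every target path from "+++ b/<path>" headers, one per line.
#   Deleted files ("+++ /dev/null") do not match and are skipped.
patch_targets() {
  sed -n 's#^+++ b/##p' "$1"
}

# check_rej_links PATCHFILE WORKTREE
#   Return 0 when no "<WORKTREE>/<path>.rej" is a symlink, 1 otherwise.
#   A while-read loop over a here-document keeps paths with spaces intact
#   and keeps the return code in the current shell (no pipeline subshell).
check_rej_links() {
  patch=$1; tree=$2; rc=0
  while IFS= read -r p; do
    [ -n "$p" ] || continue
    if [ -L "$tree/$p.rej" ]; then
      printf 'refusing: %s is a symbolic link\n' "$tree/$p.rej" >&2
      rc=1
    fi
  done <<EOF
$(patch_targets "$patch")
EOF
  return $rc
}

# demo
#   Build a constructed patch and working tree in a temporary directory and
#   run the check twice: once clean, once after planting a symlink where the
#   rejected hunk's *.rej file would be written. Prints "<clean> <linked>".
demo() {
  tmp=$(mktemp -d) || return 2
  mkdir -p "$tmp/tree/src"
  printf 'int x = 1;\n' > "$tmp/tree/src/main.c"
  # Constructed patch whose only hunk will not apply (context mismatch),
  # so `git apply --reject` would write src/main.c.rej.
  cat > "$tmp/sample.patch" <<'EOF'
diff --git a/src/main.c b/src/main.c
--- a/src/main.c
+++ b/src/main.c
@@ -1 +1 @@
-int x = 0;
+int x = 2;
EOF
  if check_rej_links "$tmp/sample.patch" "$tmp/tree"; then clean=0; else clean=1; fi
  # Constructed symlink standing in for the link the advisory warns about.
  ln -s "$tmp/outside.txt" "$tmp/tree/src/main.c.rej"
  if check_rej_links "$tmp/sample.patch" "$tmp/tree"; then linked=0; else linked=1; fi
  rm -rf "$tmp"
  echo "$clean $linked"
}
```

In practice you would run check_rej_links against the real patch and repository root, and only proceed to git apply --reject when it returns 0; git apply --stat, as the advisory suggests, gives the same list of touched paths for a manual look.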