CVE-2019-1351

HIGH

Git for Visual Studio - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-1351. PoCs published by JonasDL.

AI-analyzed exploit summary The repository contains only a single C# data transfer object (DTO) class with no exploit code or technical details about CVE-2019-1351. It lacks any functional exploit or analysis.

Description

A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.

Exploits (1)

nomisec STUB

by JonasDL · poc

https://github.com/JonasDL/PruebaCVE20191351

View Code ZIP pw:eip

The repository contains only a single C# data transfer object (DTO) class with no exploit code or technical details about CVE-2019-1351. It lacks any functional exploit or analysis.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351

Various Sources x_refsource_misc

https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/202003-30

Scores

CVSS v3 7.5

EPSS 0.0872

EPSS Percentile 94.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-706

Status published

Products (3)

microsoft/visual_studio_2017 15.0 - 15.9.18

microsoft/visual_studio_2019 16.0 - 16.4.1

opensuse/leap 15.1

Published Jan 24, 2020

Tracked Since Feb 18, 2026