CVE-2019-1351

HIGH

Git for Visual Studio - Path Traversal

Title source: llm

Description

A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.

Exploits (1)

nomisec STUB

by JonasDL · poc

https://github.com/JonasDL/PruebaCVE20191351

View Code ZIP pw:eip

References (5)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351

[Various Sources] https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html

[Third Party Advisory] https://security.gentoo.org/glsa/202003-30

Scores

CVSS v3 7.5

EPSS 0.2264

EPSS Percentile 95.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-706

Status published

Products (3)

microsoft/visual_studio_2017 15.0 - 15.9.18

microsoft/visual_studio_2019 16.0 - 16.4.1

opensuse/leap 15.1

Published Jan 24, 2020

Tracked Since Feb 18, 2026