Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/git@2.31.1-6?arch=el9_0

Type rpm

Namespace redhat

Name git

Version 2.31.1-6

Qualifiers

arch	el9_0

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-379n-nvbu-aqhw

vulnerability_id

VCID-379n-nvbu-aqhw

summary

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32004.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32004.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-32004

reference_id

reference_type

scores

value	0.02439
scoring_system	epss
scoring_elements	0.85474
published_at	2026-06-09T12:55:00Z

value	0.02439
scoring_system	epss
scoring_elements	0.85473
published_at	2026-06-07T12:55:00Z

value	0.02439
scoring_system	epss
scoring_elements	0.85478
published_at	2026-06-06T12:55:00Z

value	0.02439
scoring_system	epss
scoring_elements	0.85459
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-32004

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32004
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32004

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071160
reference_id	1071160
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071160

reference_url

http://www.openwall.com/lists/oss-security/2024/05/14/2

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T17:59:29Z/

url

http://www.openwall.com/lists/oss-security/2024/05/14/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2280428
reference_id	2280428
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2280428

reference_url

https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8

reference_id

f4aa8c8bb11dae6e769cd930565173808cbb69c8

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T17:59:29Z/

url

https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8

reference_url

https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389

reference_id

GHSA-xfc6-vwr8-r389

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T17:59:29Z/

url

https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389

reference_url

https://git-scm.com/docs/git-clone

reference_id

git-clone

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T17:59:29Z/

url

https://git-scm.com/docs/git-clone

reference_url

https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T17:59:29Z/

url

https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html

reference_url	https://access.redhat.com/errata/RHSA-2024:4083
reference_id	RHSA-2024:4083
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4083

reference_url	https://access.redhat.com/errata/RHSA-2024:4084
reference_id	RHSA-2024:4084
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4084

reference_url	https://access.redhat.com/errata/RHSA-2024:4368
reference_id	RHSA-2024:4368
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4368

reference_url	https://access.redhat.com/errata/RHSA-2024:4579
reference_id	RHSA-2024:4579
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4579

reference_url	https://access.redhat.com/errata/RHSA-2024:6027
reference_id	RHSA-2024:6027
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6027

reference_url	https://access.redhat.com/errata/RHSA-2024:6028
reference_id	RHSA-2024:6028
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6028

reference_url	https://access.redhat.com/errata/RHSA-2024:6610
reference_id	RHSA-2024:6610
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6610

reference_url	https://access.redhat.com/errata/RHSA-2024:7701
reference_id	RHSA-2024:7701
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7701

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/

reference_id

S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T17:59:29Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/

reference_url	https://usn.ubuntu.com/6793-1/
reference_id	USN-6793-1
reference_type
scores
url	https://usn.ubuntu.com/6793-1/

reference_url	https://usn.ubuntu.com/7023-1/
reference_id	USN-7023-1
reference_type
scores
url	https://usn.ubuntu.com/7023-1/

fixed_packages

aliases

CVE-2024-32004

risk_score

3.7

exploitability

0.5

weighted_severity

7.4

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-379n-nvbu-aqhw

url

VCID-puvd-jdbs-bqef

vulnerability_id

VCID-puvd-jdbs-bqef

summary

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32002.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32002.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-32002

reference_id

reference_type

scores

value	0.82474
scoring_system	epss
scoring_elements	0.99252
published_at	2026-06-09T12:55:00Z

value	0.82951
scoring_system	epss
scoring_elements	0.99271
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-32002

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32002
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32002

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071160
reference_id	1071160
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071160

reference_url

http://www.openwall.com/lists/oss-security/2024/05/14/2

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-29T14:18:00Z/

url

http://www.openwall.com/lists/oss-security/2024/05/14/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2280421
reference_id	2280421
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2280421

reference_url

https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d

reference_id

97065761333fd62db1912d81b489db938d8c991d

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-29T14:18:00Z/

url

https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d

reference_url

https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv

reference_id

GHSA-8h77-4q3w-gfgv

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-29T14:18:00Z/

url

https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv

reference_url

https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt

reference_id

git-clone.txt---recurse-submodulesltpathspecgt

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-29T14:18:00Z/

url

https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt

reference_url

https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks

reference_id

git-config.txt-coresymlinks

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-29T14:18:00Z/

url

https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks

reference_url

https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-29T14:18:00Z/

url

https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html

reference_url	https://access.redhat.com/errata/RHSA-2024:4083
reference_id	RHSA-2024:4083
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4083

reference_url	https://access.redhat.com/errata/RHSA-2024:4084
reference_id	RHSA-2024:4084
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4084

reference_url	https://access.redhat.com/errata/RHSA-2024:4368
reference_id	RHSA-2024:4368
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4368

reference_url	https://access.redhat.com/errata/RHSA-2024:4579
reference_id	RHSA-2024:4579
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4579

reference_url	https://access.redhat.com/errata/RHSA-2024:6027
reference_id	RHSA-2024:6027
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6027

reference_url	https://access.redhat.com/errata/RHSA-2024:6028
reference_id	RHSA-2024:6028
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6028

reference_url	https://access.redhat.com/errata/RHSA-2024:6610
reference_id	RHSA-2024:6610
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6610

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/

reference_id

S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-29T14:18:00Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/

reference_url	https://usn.ubuntu.com/6793-1/
reference_id	USN-6793-1
reference_type
scores
url	https://usn.ubuntu.com/6793-1/

reference_url	https://usn.ubuntu.com/6793-2/
reference_id	USN-6793-2
reference_type
scores
url	https://usn.ubuntu.com/6793-2/

reference_url	https://usn.ubuntu.com/7023-1/
reference_id	USN-7023-1
reference_type
scores
url	https://usn.ubuntu.com/7023-1/

fixed_packages

aliases

CVE-2024-32002

risk_score

10.0

exploitability

2.0

weighted_severity

8.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-puvd-jdbs-bqef

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/git@2.31.1-6%3Farch=el9_0

Package Instance