USN-7964-1

Source
https://ubuntu.com/security/notices/USN-7964-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7964-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-7964-1
Upstream
Related
Published
2026-01-15T14:51:12.586545Z
Modified
2026-01-30T00:34:46.495329Z
Summary
git vulnerabilities
Details

It was discovered that Git did not properly sanitize URLs when asking for credentials via a terminal prompt. An attacker could possibly use this issue to trick a user into disclosing their password. (CVE-2024-50349)

It was discovered that Git did not properly handle carriage return characters in its credential protocol. An attacker could use this issue to send unexpected data to credential helpers, possibly leading to a user being tricked into disclosing sensitive information. (CVE-2024-52006)

References

Affected packages

Ubuntu:Pro:16.04:LTS / git

Package

Name
git
Purl
pkg:deb/ubuntu/git@1:2.7.4-0ubuntu1.10+esm13?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:2.7.4-0ubuntu1.10+esm13

Affected versions

1:2.*
1:2.5.0-1
1:2.6.2-1
1:2.6.3-1
1:2.6.4-1
1:2.7.0~rc3-1
1:2.7.0-1
1:2.7.3-0ubuntu1
1:2.7.4-0ubuntu1
1:2.7.4-0ubuntu1.1
1:2.7.4-0ubuntu1.2
1:2.7.4-0ubuntu1.3
1:2.7.4-0ubuntu1.4
1:2.7.4-0ubuntu1.5
1:2.7.4-0ubuntu1.6
1:2.7.4-0ubuntu1.7
1:2.7.4-0ubuntu1.8
1:2.7.4-0ubuntu1.9
1:2.7.4-0ubuntu1.10
1:2.7.4-0ubuntu1.10+esm1
1:2.7.4-0ubuntu1.10+esm3
1:2.7.4-0ubuntu1.10+esm4
1:2.7.4-0ubuntu1.10+esm5
1:2.7.4-0ubuntu1.10+esm6
1:2.7.4-0ubuntu1.10+esm7
1:2.7.4-0ubuntu1.10+esm8
1:2.7.4-0ubuntu1.10+esm9
1:2.7.4-0ubuntu1.10+esm10
1:2.7.4-0ubuntu1.10+esm11

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "git",
            "binary_version": "1:2.7.4-0ubuntu1.10+esm13"
        },
        {
            "binary_name": "git-all",
            "binary_version": "1:2.7.4-0ubuntu1.10+esm13"
        },
        {
            "binary_name": "git-arch",
            "binary_version": "1:2.7.4-0ubuntu1.10+esm13"
        },
        {
            "binary_name": "git-core",
            "binary_version": "1:2.7.4-0ubuntu1.10+esm13"
        },
        {
            "binary_name": "git-cvs",
            "binary_version": "1:2.7.4-0ubuntu1.10+esm13"
        },
        {
            "binary_name": "git-daemon-run",
            "binary_version": "1:2.7.4-0ubuntu1.10+esm13"
        },
        {
            "binary_name": "git-daemon-sysvinit",
            "binary_version": "1:2.7.4-0ubuntu1.10+esm13"
        },
        {
            "binary_name": "git-el",
            "binary_version": "1:2.7.4-0ubuntu1.10+esm13"
        },
        {
            "binary_name": "git-email",
            "binary_version": "1:2.7.4-0ubuntu1.10+esm13"
        },
        {
            "binary_name": "git-gui",
            "binary_version": "1:2.7.4-0ubuntu1.10+esm13"
        },
        {
            "binary_name": "git-man",
            "binary_version": "1:2.7.4-0ubuntu1.10+esm13"
        },
        {
            "binary_name": "git-mediawiki",
            "binary_version": "1:2.7.4-0ubuntu1.10+esm13"
        },
        {
            "binary_name": "git-svn",
            "binary_version": "1:2.7.4-0ubuntu1.10+esm13"
        },
        {
            "binary_name": "gitk",
            "binary_version": "1:2.7.4-0ubuntu1.10+esm13"
        },
        {
            "binary_name": "gitweb",
            "binary_version": "1:2.7.4-0ubuntu1.10+esm13"
        }
    ]
}

Database specific

cves_map
{
    "cves": [
        {
            "id": "CVE-2024-50349",
            "severity": [
                {
                    "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-52006",
            "severity": [
                {
                    "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ],
    "ecosystem": "Ubuntu:Pro:16.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7964-1.json"

Ubuntu:Pro:18.04:LTS / git

Package

Name
git
Purl
pkg:deb/ubuntu/git@1:2.17.1-1ubuntu0.18+esm6?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:2.17.1-1ubuntu0.18+esm6

Affected versions

1:2.*
1:2.14.1-1ubuntu4
1:2.15.1-1ubuntu2
1:2.17.0-1ubuntu1
1:2.17.1-1ubuntu0.1
1:2.17.1-1ubuntu0.3
1:2.17.1-1ubuntu0.4
1:2.17.1-1ubuntu0.5
1:2.17.1-1ubuntu0.6
1:2.17.1-1ubuntu0.7
1:2.17.1-1ubuntu0.8
1:2.17.1-1ubuntu0.9
1:2.17.1-1ubuntu0.10
1:2.17.1-1ubuntu0.11
1:2.17.1-1ubuntu0.12
1:2.17.1-1ubuntu0.13
1:2.17.1-1ubuntu0.14
1:2.17.1-1ubuntu0.15
1:2.17.1-1ubuntu0.16
1:2.17.1-1ubuntu0.17
1:2.17.1-1ubuntu0.18
1:2.17.1-1ubuntu0.18+esm1
1:2.17.1-1ubuntu0.18+esm2
1:2.17.1-1ubuntu0.18+esm3
1:2.17.1-1ubuntu0.18+esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "git",
            "binary_version": "1:2.17.1-1ubuntu0.18+esm6"
        },
        {
            "binary_name": "git-all",
            "binary_version": "1:2.17.1-1ubuntu0.18+esm6"
        },
        {
            "binary_name": "git-cvs",
            "binary_version": "1:2.17.1-1ubuntu0.18+esm6"
        },
        {
            "binary_name": "git-daemon-run",
            "binary_version": "1:2.17.1-1ubuntu0.18+esm6"
        },
        {
            "binary_name": "git-daemon-sysvinit",
            "binary_version": "1:2.17.1-1ubuntu0.18+esm6"
        },
        {
            "binary_name": "git-el",
            "binary_version": "1:2.17.1-1ubuntu0.18+esm6"
        },
        {
            "binary_name": "git-email",
            "binary_version": "1:2.17.1-1ubuntu0.18+esm6"
        },
        {
            "binary_name": "git-gui",
            "binary_version": "1:2.17.1-1ubuntu0.18+esm6"
        },
        {
            "binary_name": "git-man",
            "binary_version": "1:2.17.1-1ubuntu0.18+esm6"
        },
        {
            "binary_name": "git-mediawiki",
            "binary_version": "1:2.17.1-1ubuntu0.18+esm6"
        },
        {
            "binary_name": "git-svn",
            "binary_version": "1:2.17.1-1ubuntu0.18+esm6"
        },
        {
            "binary_name": "gitk",
            "binary_version": "1:2.17.1-1ubuntu0.18+esm6"
        },
        {
            "binary_name": "gitweb",
            "binary_version": "1:2.17.1-1ubuntu0.18+esm6"
        }
    ]
}

Database specific

cves_map
{
    "cves": [
        {
            "id": "CVE-2024-50349",
            "severity": [
                {
                    "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2024-52006",
            "severity": [
                {
                    "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ],
    "ecosystem": "Ubuntu:Pro:18.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7964-1.json"