alpine · CVE-2022-24975

Quick triage

Priority: not assigned Published: Updated:

View at Official alpine advisory, NVD, CVE.org · CVE detail

Freshness: no update timestamp found; verify against the upstream OS advisory manually.

Tracker summary

CVE-2022-24975: 1 source package rows (git); 37 state rows across 6 repos (3.12-main, 3.19-main, 3.20-main, 3.21-main, 3.22-main, edge-main); fixed 36, open 1.

Description:

The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk.

cvelogic Threat Intelligence