{"uuid": "7a6fc1b5-9fe6-49af-8d83-8790bec6ce8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-32002", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/209", "content": "Exploiting CVE-2024-32002: RCE via git clone\n\n\ud83d\udc64 by Amal Murali\n\nA new RCE in Git caught the researcher's attention on a recent security feed, labeled CVE-2024-32002. The idea of an RCE being triggered through a simple git clone command fascinated him. Given Git\u2019s ubiquity and the widespread use of the clone command, he was instantly intrigued. Could something as routine as cloning a repository really open the door to remote code execution? His curiosity was piqued, and he had to investigate. Plus, who doesn\u2019t want an excuse to break stuff in the name of research?\n\nWhat\u2019s the fun in just reading about an RCE? He wanted to see it wreak havoc \u2013 maybe launch a rogue application, or worse, wipe out his directories. At least, he wanted it to pop his calculator. In this post, he will walk you through his journey of reversing the Git RCE, from initial discovery to crafting a working exploit.\n\n\ud83d\udcdd Contents:\n\u25cf Basic Reconnaissance\n    \u2022 git under the hood\n    \u2022 Symlinks\n\u25cf Digging into the source code\n    \u2022 Inspecting builtin/submodule--helper.c\n    \u2022 Inspecting t/t7406-submodule-update.sh\n\u25cf Piecing everything together\n\u25cf Getting the RCE\n    \u2022 Weaponizing a GitHub repository\n\u25cf Working PoC\n\nhttps://amalmurali.me/posts/git-rce/", "creation_timestamp": "2024-05-20T08:15:43.000000Z"}