{"vulnerability": "CVE-2023-29007", "sightings": [{"uuid": "fc93361f-9be1-476a-b2e5-956227e348a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29007", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4251", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aPoC repository for CVE-2023-29007\nURL\uff1ahttps://github.com/ethiack/CVE-2023-29007\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-04-26T14:35:07.000000Z"}, {"uuid": "d03909d1-9900-4e69-8ad0-ed3ce44e23c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29007", "type": "published-proof-of-concept", "source": "https://t.me/arvinclub1/99", "content": "CVE-2023-29007", "creation_timestamp": "2023-04-27T07:07:37.000000Z"}, {"uuid": "1a783baa-0ab6-4484-aeb5-ac73a804d6e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29007", "type": "published-proof-of-concept", "source": "https://t.me/arvinclub1/98", "content": "https://blog.ethiack.com/en/blog/git-arbitrary-configuration-injection-cve-2023-29007", "creation_timestamp": "2023-04-27T07:06:35.000000Z"}, {"uuid": "cfcf585e-738a-4f89-8f74-9d443c5b2a3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29007", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8390", "content": "#exploit\n1. CVE-2023-29007:\nGit Arbitrary Configuration Injection\nhttps://blog.ethiack.com/en/blog/git-arbitrary-configuration-injection-cve-2023-29007\n\n2. CVE-2020-0796:\nWindows Protocol TestSuites is to trigger BSoD\nhttps://github.com/Ajomix/CVE-2020-0796", "creation_timestamp": "2024-03-19T03:31:34.000000Z"}, {"uuid": "5512a7ea-387c-4a4d-a054-61d35a821893", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29007", "type": "published-proof-of-concept", "source": "Telegram/r1PFadb90p6lTxGnl_f2N-hr-frtiZS7amPP7ck3RpMYFQ", "content": "", "creation_timestamp": "2023-04-27T09:53:54.000000Z"}, {"uuid": "66a37ae7-83cb-498e-9ddc-3421ceb74582", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29007", "type": "published-proof-of-concept", "source": "Telegram/fV81_v8x36zAgCL91UuHBTq-t7A1rFWRsLJmOGWfzfBQXhM", "content": "", "creation_timestamp": "2023-05-23T08:55:19.000000Z"}, {"uuid": "e6376dba-ac2d-4928-a1fa-e8b0b44bcde3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29007", "type": "seen", "source": "https://t.me/cibsecurity/62860", "content": "\u203c CVE-2023-29007 \u203c\n\nGit is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-26T00:25:22.000000Z"}, {"uuid": "280e94f1-5508-4b22-a256-03ab899555d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29007", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1468", "content": "CVE-2023-29007\nGit Arbitrary Configuration Injection\n*\nreadme\n*\nPOC exploit\n\n#git #exploit", "creation_timestamp": "2023-04-27T07:07:43.000000Z"}, {"uuid": "8af5d0a7-b3ea-4ed0-bb4f-09a28e235637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29007", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3331", "content": "CVE-2023-29007 |\u00a0Git Arbitrary Configuration Injection\n\nDownload: https://system32.ink/news-feed/p/314/", "creation_timestamp": "2023-04-27T09:52:54.000000Z"}, {"uuid": "ae80ac02-7162-4f8c-881f-fb912ada118e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29007", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-08", "content": "", "creation_timestamp": "2025-04-15T10:00:00.000000Z"}]}