Git 2.35.2 released with vulnerability fixes

Corrective releases of the distributed source control system Git, versions 2.35.2, 2.30.3, 2.31.2, 2.32.1, 2.33.2 and 2.34.2, have been published. They fix two vulnerabilities:

  • CVE-2022-24765 - On multi-user systems with shared directories, an attack has been identified that can lead to the execution of commands defined by another user. An attacker can create a ".git" directory in locations that overlap with those of other users (for example, shared directories or directories with temporary files) and place in it a ".git/config" configuration file that sets up handlers which are called when certain git commands are run (for example, the core.fsmonitor parameter can be used to arrange code execution).

    The handlers defined in ".git/config" will be called with the rights of another user if that user runs git in a directory located at a level above the ".git" subdirectory created by the attacker. The call can also be made indirectly, for example, when using code editors that support git, such as VS Code and Atom, or when using add-ons that run "git status" (for example, Git Bash or posh-git). In Git 2.35.2, the vulnerability is blocked by changes to the logic that searches for ".git" in underlying directories (a ".git" directory is now not considered if it is owned by another user).

  • CVE-2022-24767 is a Windows-specific vulnerability that allows code execution with SYSTEM privileges when the Uninstall operation of Git for Windows is run. The problem is caused by the uninstaller running in a temporary directory that is writable by system users. The attack is carried out by placing substitute DLLs in the temporary directory, which are loaded when the uninstaller is started with SYSTEM rights.
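
For CVE-2022-24765, the ownership test described above can be run as an audit on a POSIX host. The following is an added example, not Git's own code: it walks from a working directory through its parents to the first ".git" entry and reports whether that entry belongs to another user and whether its config sets core.fsmonitor. The function names, the sample layout and the placeholder command are assumptions made for the illustration.

```python
import os
import re
import tempfile
from pathlib import Path

def discover_git_dir(start):
    """Walk upward from `start`, as git does, to the first ".git" entry."""
    here = Path(start).resolve()
    for directory in (here, *here.parents):
        if (directory / ".git").exists():
            return directory / ".git"
    return None

def config_value(git_dir, section, key):
    """Return section.key from <git_dir>/config, or None. Minimal parser:
    plain "[section]" headers only, last assignment wins."""
    config = Path(git_dir) / "config"
    if not config.is_file():
        return None
    current, value = None, None
    for line in config.read_text(errors="replace").splitlines():
        header = re.match(r"\s*\[\s*([\w.-]+)\s*\]", line)
        pair = re.match(r"\s*([\w-]+)\s*=\s*(.*)", line)
        if header:
            current = header.group(1).lower()
        elif pair and current == section and pair.group(1).lower() == key:
            value = pair.group(2).strip()
    return value

def audit(start, uid=None):
    """Describe the ".git" git would pick up from `start`; `foreign` is True
    when it is not owned by `uid` (default: the current effective user)."""
    uid = os.geteuid() if uid is None else uid
    git_dir = discover_git_dir(start)
    if git_dir is None:
        return None
    owner = git_dir.stat().st_uid
    return {"git_dir": str(git_dir), "owner": owner, "foreign": owner != uid,
            "fsmonitor": config_value(git_dir, "core", "fsmonitor")}

def demo():
    # Constructed layout: shared/.git/config and a work tree in shared/alice/work
    with tempfile.TemporaryDirectory() as root:
        work = Path(root, "shared", "alice", "work")
        work.mkdir(parents=True)
        Path(root, "shared", ".git").mkdir()
        Path(root, "shared", ".git", "config").write_text(
            "[core]\n\tfsmonitor = /placeholder/command\n")
        return audit(work), audit(work, uid=os.geteuid() + 1)
```

A result with `foreign` set to True and a non-empty `fsmonitor` value is the combination the advisory describes: a ".git" owned by someone else whose config names a command.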

Source: opennet.ru
