Test ID:	1.3.6.1.4.1.25623.1.1.2.2022.1520
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for git (EulerOS-SA-2022-1520)
Summary:	The remote host is missing an update for the Huawei EulerOS 'git' package(s) announced via the EulerOS-SA-2022-1520 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'git' package(s) announced via the EulerOS-SA-2022-1520 advisory. Vulnerability Insight: Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on Cygwin. The problem will be patched in the Cygwin Git v2.31.1-2 release. At time of writing, the vulnerability is present in the upstream Git source code, any Cygwin user who compiles Git for themselves from upstream sources should manually apply a patch to mitigate the vulnerability. As mitigation users should not clone or pull from repositories from untrusted sources. CVE-2019-1354 was an equivalent vulnerability in Git for Visual Studio.(CVE-2021-29468) Affected Software/OS: 'git' package(s) on Huawei EulerOS V2.0SP10(x86_64). Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-29468 https://github.com/me-and/Cygwin-Git/security/advisories/GHSA-rmp3-wq55-f557 https://cygwin.com/pipermail/cygwin-announce/2021-April/010018.html https://github.com/me-and/Cygwin-Git/blob/main/check-backslash-safety.patch https://lore.kernel.org/git/CA+kUOa=juEdBMVr_gyTKjz7PkPt2DZHkXQyzcQmAWCsEHC_ssw@mail.gmail.com/T/#u
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.