CVE-2019-1351

Description

A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.

References

Link	Tags
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351	patch vendor advisory
https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html	third party advisory vendor advisory
https://security.gentoo.org/glsa/202003-30	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2019-1351?: CVE-2019-1351 has been scored as a high severity vulnerability.
How to fix CVE-2019-1351?: To fix CVE-2019-1351, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2019-1351 being actively exploited in the wild?: It is possible that CVE-2019-1351 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~17% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-1351?: CVE-2019-1351 affects Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8), Microsoft Microsoft Visual Studio 2017, Microsoft Microsoft Visual Studio 2019, Microsoft Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3).

Description

Category

CWE-706 – Use of Incorrectly-Resolved Name or Reference

References

Frequently Asked Questions