CRITICAL · CVSS 9.0
CVE-2024-32002 — Git RCE via case-insensitive filesystem
Git submodule clone with case-confusing names allows hook execution outside .git/.
Affects
- Git < 2.45.1 on case-insensitive filesystems (macOS, Windows)
What an attacker does
Malicious repo with submodule named '.GIT' + a HOOK file. Cloning on macOS/Windows triggers hook execution.
How to detect
git --version
How to fix
Upgrade Git to 2.45.1+
Securie findingcritical · CVSS 9.0
CVE-2024-32002How Securie catches CVE-2024-32002
Securie's static-rules scans Git version in .gitmodules + dev-dependency manifests.
Scan my repo for CVE-2024-32002 →Securie reviews every PR · proves real issues · opens verified fix PRs