Skip to main content


Eclipse Community Forums

      Home
Home » Eclipse Projects » EGit / JGit » CVE-2022-41903, and CVE-2022-23521
CVE-2022-41903, and CVE-2022-23521 [message #1857186] Mon, 23 January 2023 08:27 Go to next message
Eclipse UserFriend
Good Morning guys.
Is JGit also susceptible to these vulnerabilities?

Can't post URL:

www.bleepingcomputer.com/news/security/git-patches-two-critical-remote-code-execution-security-flaws/
github.blog/2023-01-17-git-security-vulnerabilities-announced-2/
Re: CVE-2022-41903, and CVE-2022-23521 [message #1857188 is a reply to message #1857186] Mon, 23 January 2023 09:43 Go to previous message
Eclipse UserFriend
JGit is written purely in Java so it is not possible to arbitrarily corrupt memory (or the heap) as is possible in native git's C/C++ implementation which is exploited in the CVEs you mention.
Previous Topic:How to set GIT_LFS_SKIP_SMUDGE=1 for CloneCommand
Next Topic:Git-upload-pack not permitted on Github
Goto Forum:
  


Current Time: Wed May 21 11:55:19 EDT 2025

Powered by FUDForum. Page generated in 0.03386 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly