{"vulnerability": "CVE-2023-23946", "sightings": [{"uuid": "19cf63a3-75f1-44ed-a53a-c456789c05c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23946", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5099", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aExplanation and POC of the CVE-2023-23946\nURL\uff1ahttps://github.com/bruno-1337/CVE-2023-23946-POC\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-09-07T10:15:16.000000Z"}, {"uuid": "7980b395-b5d2-418c-8117-af0042664cd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23946", "type": "seen", "source": "https://t.me/cibsecurity/58165", "content": "\u203c CVE-2023-23946 \u203c\n\nGit, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T22:41:52.000000Z"}]}