CVE-2020-12279: Improper Input Validation

April 27, 2020 (updated July 21, 2021)

An issue was discovered in libgit2 checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository.

References

nvd.nist.gov/vuln/detail/CVE-2020-12279

Code Behaviors & Features

Detect and mitigate CVE-2020-12279 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →