Git Project Patches Remote Code Execution Vulnerability in Git

6th October 2018, By Lawrence Abrams

 

The Git Project announced yesterday a critical arbitrary code execution vulnerability in the Git command line client, Git Desktop, and Atom that could allow malicious repositories to remotely execute commands on a vulnerable machine.

 

This vulnerability has been assigned the ID CVE-2018-17456 and is similar to the earlier option injection vulnerability CVE-2017-1000117. As with the previous vulnerability, a malicious repository can create a .gitmodules file that contains a URL that starts with a dash.

 

Because the URL starts with a dash, when Git clones a repository using the --recurse-submodules argument, the command will interpret the URL as an option, which could then be used to perform remote code execution on the computer.
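
A defensive check for the condition described above, as an added example that is not from the article or the Git project: it scans the text of a .gitmodules file and reports submodule url values that begin with a dash. Checking path values as well is a generalization beyond the article's text; the function name and the sample file contents are constructed for illustration.

```python
import re

# Matches a section header such as: [submodule "name"]
SECTION = re.compile(r'^\s*\[submodule\s+"(?P<name>.*)"\]\s*$')
# Matches a "key = value" line; surrounding whitespace is stripped.
KEYVAL = re.compile(r'^\s*(?P<key>[A-Za-z][A-Za-z0-9-]*)\s*=\s*(?P<val>.*?)\s*$')

# Constructed sample input; the flagged value is a harmless placeholder.
SAMPLE_GITMODULES = (
    '[submodule "docs"]\n'
    '\tpath = docs\n'
    '\turl = https://example.com/docs.git\n'
    '[submodule "vendored"]\n'
    '\tpath = vendored\n'
    '\turl = -constructed-leading-dash-value\n'
)

def suspicious_submodules(gitmodules_text):
    """Return (submodule, key, value) for url/path values starting with '-'."""
    findings = []
    current = None  # name of the submodule section being read
    for line in gitmodules_text.splitlines():
        stripped = line.lstrip()
        if stripped.startswith(("#", ";")):
            continue  # comment line
        header = SECTION.match(line)
        if header:
            current = header.group("name")
            continue
        if stripped.startswith("["):
            current = None  # a non-submodule section
            continue
        pair = KEYVAL.match(line)
        if pair and current is not None:
            key = pair.group("key").lower()
            val = pair.group("val")
            # Drop one pair of surrounding double quotes, if present.
            if len(val) >= 2 and val[0] == val[-1] == '"':
                val = val[1:-1]
            if key in ("url", "path") and val.startswith("-"):
                findings.append((current, key, val))
    return findings

if __name__ == "__main__":
    for name, key, val in suspicious_submodules(SAMPLE_GITMODULES):
        print(f"submodule {name!r}: {key} begins with a dash: {val!r}")
```
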

 
