Login

Bjyda · 03-11-2021 , 10:30 PM

Quote:

Disclosed today is CVE-2021-21300 as a security vulnerability affecting git clone that could lead to specially crafted repositories being able to execute code during the Git clone process.

Git versions back to v2.15 are affected by this security vulnerability. Specially crafted repositories could execute code during the git clone process on case-insensitive file-systems supporting symbolic links. The vulnerability stems from clean/smudge filters being abused like those used by Git LFS.

Users are encouraged to upgrade to Git 2.30.2 as soon as possible or at the very least to disable support for symbolic links in Git or by disabling support for process filters. Or just don't go cloning from untrusted repositories.

More details on this Git clone vulnerability can be found via the [color=var(--theme-link_a)]GitHub blog although GitHub-hosted repositories are not affected by this vulnerability.[/color]

Source

Login
Username:
Password:	Lost Password?
	Remember me

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution	mrtrout	0	661	02-04-2024 , 06:49 AM Last Post: mrtrout
	McAfee researchers find you can clone a voice from just three seconds of audio	mrtrout	0	1,678	06-11-2023 , 12:11 AM Last Post: mrtrout
	PyPI removes 'mitmproxy2' over code execution concerns	mrtrout	0	701	10-12-2021 , 10:43 PM Last Post: mrtrout
	Adobe Patches Code Execution Flaws in Connect, Creative Cloud, Framemaker	Bjyda	0	1,214	03-10-2021 , 12:14 AM Last Post: Bjyda
	VMware addresses Remote Code Execution issue in View Planner	Bjyda	0	1,300	03-05-2021 , 12:16 AM Last Post: Bjyda