"git clone" Hit By Vulnerability That Could Lead To Code Execution
#1
Quote: 

Disclosed today is CVE-2021-21300 as a security vulnerability affecting git clone that could lead to specially crafted repositories being able to execute code during the Git clone process.

Git versions back to v2.15 are affected by this security vulnerability. Specially crafted repositories could execute code during the git clone process on case-insensitive file-systems supporting symbolic links. The vulnerability stems from clean/smudge filters being abused like those used by Git LFS.

Users are encouraged to upgrade to Git 2.30.2 as soon as possible or at the very least to disable support for symbolic links in Git or to disable support for process filters. Or just don't go cloning from untrusted repositories.

More details on this Git clone vulnerability can be found via the GitHub blog, although GitHub-hosted repositories are not affected by this vulnerability.

Source 
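
Added example, not part of the quoted article or the Git project: a shell check that applies the version range and the two workarounds named in the quote to a `git --version` string and `git config --list` output. It assumes every release from 2.15.0 up to 2.30.2 is affected and does not test file-system case sensitivity; the function names and the `--local` flag are hypothetical.

```shell
#!/bin/sh
# Added example: exposure check built only from the facts quoted in the post.
# Assumption: 2.15.0 <= version < 2.30.2 is treated as affected; patched
# maintenance releases of older series and file-system case sensitivity
# are not modelled.
FIRST_AFFECTED="2.15.0"
FIXED="2.30.2"

# Print MAJOR.MINOR.PATCH extracted from `git --version` output.
normalize_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2.\3/p'
}

# Succeed when dotted version $1 sorts strictly before $2 (numeric compare).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# exposure VERSION_TEXT CONFIG_TEXT (CONFIG_TEXT is `git config --list` output).
# Prints not-affected, mitigated, at-risk or unknown.
exposure() {
    ver=$(normalize_version "$1")
    [ -n "$ver" ] || { echo "unknown"; return 0; }
    if version_lt "$ver" "$FIRST_AFFECTED" || ! version_lt "$ver" "$FIXED"; then
        echo "not-affected"; return 0
    fi
    # Workaround 1 from the post: symbolic link support disabled (last value wins).
    symlinks=$(printf '%s\n' "$2" | sed -n 's/^core\.symlinks=//p' | tail -n 1)
    case $symlinks in
        false|no|off|0) echo "mitigated"; return 0 ;;
    esac
    # Workaround 2 from the post: no process filter (such as Git LFS) configured.
    if printf '%s\n' "$2" | grep -Eq '^filter\..+\.process=.'; then
        echo "at-risk"
    else
        echo "mitigated"
    fi
}

# Check the local installation only when asked: sh check.sh --local
if [ "${1:-}" = "--local" ]; then
    exposure "$(git --version)" "$(git config --list)"
fi
```

The symbolic-link workaround the check looks for is the one set with `git config --global core.symlinks false`.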