Git Project Patches Remote Code Execution Vulnerability in Git | Cell Phone Spy and Mobile Tracking Software
6th October 2018, By Lawrence Abrams The Git Project announced yesterday a critical arbitrary code execution vulnerability in the Git command line client, Git Desktop, and Atom that could allow malicious repositories to remotely execute commands on a vulnerable machine. This vulnerability has been assigned the CVE-2018-17456 ID and is similar to a previous CVE-2017-1000117 option injection vulnerability. Like the previous vulnerability, a malicious repository can create a .gitmodules file that contains an URL that starts with a dash. By using a dash, when Git clones a repository using the --recurse-submodules argument, the command will interpret the URL as an option, which could then be used to perform remote code execution on the computer. Full Article. Take a look at the best antivirus, anti-malware, anti-spy, etc. software