mood
Posted March 11, 2021

"git clone" Hit By Vulnerability That Could Lead To Code Execution

Disclosed today is CVE-2021-21300 as a security vulnerability affecting git clone that could lead to specially crafted repositories being able to execute code during the Git clone process.

Git versions back to v2.15 are affected by this security vulnerability. Specially crafted repositories could execute code during the git clone process on case-insensitive file-systems supporting symbolic links. The vulnerability stems from clean/smudge filters being abused like those used by Git LFS.

Users are encouraged to upgrade to Git 2.30.2 as soon as possible or at the very least to disable support for symbolic links in Git or by disabling support for process filters. Or just don't go cloning from untrusted repositories.

More details on this Git clone vulnerability can be found via the GitHub blog although GitHub-hosted repositories are not affected by this vulnerability.

Source: "git clone" Hit By Vulnerability That Could Lead To Code Execution
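The remediation advice in the post, turned into a local check. This is an added example, not part of the original post or of the Git project; the function names and verdict labels are its own, and the version bounds are the ones the post gives.

```shell
#!/bin/sh
# Added example: local check against the remediation advice in the post.
FIXED="2.30.2"           # fixed release named in the post
FIRST_AFFECTED="2.15.0"  # post: "versions back to v2.15 are affected"

# ver_lt A B: succeeds when dotted version A sorts strictly before B.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$first" = "$1" ]
}

# assess VERSION SYMLINKS FILTERS: prints a one-word verdict.
#   SYMLINKS: core.symlinks as true/false, empty when unset
#   FILTERS:  configured filter.<name>.process entries, empty when none
# The verdict names are this example's own labels. The filesystem is not
# probed, and fixes backported by a vendor into an older version number are
# not recognised.
assess() {
    case "$1" in
        ''|*[!0-9.]*) echo "unknown"; return ;;
    esac
    if ver_lt "$1" "$FIRST_AFFECTED" || ! ver_lt "$1" "$FIXED"; then
        echo "not-in-affected-range"
    elif [ "$2" = "false" ] || [ -z "$3" ]; then
        echo "mitigated"
    else
        echo "exposed"
    fi
}

# Report on the local installation when git is present.
if command -v git >/dev/null 2>&1; then
    v=$(git version | sed -n 's/^git version \([0-9]*\.[0-9]*\.[0-9]*\).*/\1/p')
    s=$(git config --bool --get core.symlinks 2>/dev/null || true)
    f=$(git config --get-regexp '^filter\..*\.process$' 2>/dev/null || true)
    echo "git ${v:-?}: $(assess "$v" "$s" "$f")"
    [ -z "$f" ] || printf 'process filters:\n%s\n' "$f"
    # Mitigation from the post when upgrading is not yet possible:
    #   git config --global core.symlinks false
fi
```

An "exposed" verdict means the version falls in the range the post gives, symbolic links are not disabled, and at least one process filter is configured.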