Vulnerability in Git: Remote Code Execution Risk with git clone --recursive
By dgl · 10mo ago · 7 min read
Summary
Using git clone --recursive on an untrusted repo on Unix-like platforms could lead to remote code execution, highlighting a vulnerability in Git. Users are advised to update to a fixed version of Git and related software like GitHub Desktop.
Key quotes
If you've ever used an old mechanical typewriter, you know that when you get to the end of the line there's a physical action to get back to the start of the line.
Sometimes this was done through an actual lever on the typewriter, later models had a button.
Because this action — the carriage return — was distinct from the line feed, it has its own character.
tl;dr: On Unix-like platforms, if you use git clone --recursive on an untrusted repo, it could achieve remote code execution. Update to a fixed version of git and other software that embeds Git (including GitHub Desktop).