Git Gets Patched for Newly Found Flaw

  /     /     /  
Publicated : 23/11/2024   Category : security


Git Gets Patched for Newly Found Flaw


A vulnerability in Git could allow an attacker to place malicious, auto-executing code in a sub-module.



Organizations that use Git as a code repository are vulnerable to an attack through submodules and should update their code immediately. The vulnerability, described in CVE-2018-17456, can allow arbitrary code to be executed when a user clones a subdirectory containing malicious code.
The vulnerability - an option-injection attack - is described as quite similar to an earlier vulnerability in a GitHub blog post announcing the issue and its solution. That bug, CVE-2017-1000117, previously had been patched.
The option-injection flaw was reported through the GitHub Bug Bounty program on September 23, with a coordinated disclosure date of October 5.
GitHub Desktop, Atom, the CLI version of Git, and applications that might have embedded Git are all affected by the vulnerability. GitHub Enterprise and GitHub.com are not vulnerable to this flaw, however.
For more, read
here
,
here
, and
here
.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Git Gets Patched for Newly Found Flaw