Critical Git client vulnerability

K reported this morning on a critical Git client vulnerability that allows malicious code to be run on the user's computer.

The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem.

We strongly encourage all users of GitHub and GitHub Enterprise to update their Git clients as soon as possible, and to be particularly careful when cloning or accessing Git repositories hosted on unsafe or untrusted hosts.

So we install the latest Git versions and live without stress.
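For repositories that have to be vetted before anyone checks them out on Windows or OS X, the condition described in the quoted notice can be tested without touching a working tree. The following is an added example, not code from GitHub or the Git project: it flags tree paths containing a component that a case-insensitive filesystem would treat as `.git`. The function names and the sample listing are constructed for illustration, and it covers only the case-folding condition named above.

```python
import subprocess

DOTGIT = ".git"

def parse_ls_tree(raw: bytes) -> list:
    """Split NUL-delimited `git ls-tree -r -z --name-only` output into paths."""
    return [p.decode("utf-8", "surrogateescape") for p in raw.split(b"\0") if p]

def suspicious_paths(paths):
    """Return (path, component) pairs where a component case-folds to '.git'.

    On a case-insensitive filesystem such a component resolves to the
    repository's own metadata directory when the tree is checked out.
    """
    hits = []
    for path in paths:
        for comp in path.split("/"):
            if comp.casefold() == DOTGIT:
                hits.append((path, comp))
                break  # one report per path is enough
    return hits

def audit_revision(repo_dir, rev="HEAD"):
    """List every path in `rev` of a (preferably bare) repository and check it.

    Only reads tree objects; nothing is written to a working tree.
    """
    raw = subprocess.run(
        ["git", "-C", repo_dir, "ls-tree", "-r", "-z", "--name-only", rev],
        check=True, capture_output=True,
    ).stdout
    return suspicious_paths(parse_ls_tree(raw))

# Constructed sample of ls-tree output (not taken from a real repository).
SAMPLE = (b"README.md\0src/main.c\0.Git/config\0"
          b"docs/.GIT/hooks/post-checkout\0gitignore.txt\0")

if __name__ == "__main__":
    for path, comp in suspicious_paths(parse_ls_tree(SAMPLE)):
        print(f"REJECT {path!r}: component {comp!r} aliases {DOTGIT!r}")
```

Run `audit_revision` against a bare clone made on a case-sensitive filesystem, so the tree is inspected without ever being checked out.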
