Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Sponsored By
Git Gets Patched for Newly Found FlawGit Gets Patched for Newly Found Flaw
A vulnerability in Git could allow an attacker to place malicious, auto-executing code in a sub-module.
Dark Reading Staff
October 10, 2018
1 Min Read
Organizations that use Git as a code repository are vulnerable to an attack through submodules and should update their code immediately. The vulnerability, described in CVE-2018-17456, can allow arbitrary code to be executed when a user clones a subdirectory containing malicious code.
The vulnerability - an option-injection attack - is described as quite similar to an earlier vulnerability in a GitHub blog post announcing the issue and its solution. That bug, CVE-2017-1000117, previously had been patched.
The option-injection flaw was reported through the GitHub Bug Bounty program on September 23, with a coordinated disclosure date of October 5.
GitHub Desktop, Atom, the CLI version of Git, and applications that might have embedded Git are all affected by the vulnerability. GitHub Enterprise and GitHub.com are not vulnerable to this flaw, however.
About the Author(s)
More Insights
Webinars
Tricks to Boost Your Threat Hunting Game
Nov 06, 2023Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Oct 26, 2023Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023
