A vulnerability in Git could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
The vulnerability is due to insufficient validation of .gitmodules files by the affected software. An attacker could exploit this vulnerability by creating a project containing a .gitmodules file that has a URL field beginning with a - character and persuading a user to run the git clone --recurse-submodules command to clone the project. An exploit could allow the attacker to execute arbitrary code on the system.
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.
Git has confirmed the vulnerability and released software updates.
Security Impact Rating: High