https://www.cvedetails.com/cve/CVE-2018-17456/
Git allows remote code execution during processing of a recursive "git clone" of a superproject if
a .gitmodules file has a URL field beginning with a '-' character.
Vulnerability Version
- before 2.14.5
- 2.15.x before 2.15.3
- 2.16.x before 2.16.5
- 2.17.x before 2.17.2
- 2.18.x before 2.18.1
- 2.19.x before 2.19.1
----
可以參考 https://blog.github.com/2018-10-05-git-submodule-vulnerability/
除了不要亂連別人的連結之外 也不能亂 clone 別人的 Git Project 了
--
Git allows remote code execution during processing of a recursive "git clone" of a superproject if
a .gitmodules file has a URL field beginning with a '-' character.
Vulnerability Version
- before 2.14.5
- 2.15.x before 2.15.3
- 2.16.x before 2.16.5
- 2.17.x before 2.17.2
- 2.18.x before 2.18.1
- 2.19.x before 2.19.1
----
可以參考 https://blog.github.com/2018-10-05-git-submodule-vulnerability/
除了不要亂連別人的連結之外 也不能亂 clone 別人的 Git Project 了
--
All Comments