Description |
- |
A security issue has been found in git before 2.41.1, and it is now disallowed for `.gitmodules` to have entries that set `submodule.<name>.update=!command`. This fixes the vulnerability in Git v2.20.0 and later where a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that. |
+ |
A security issue has been found in git before 2.24.1, and it is now disallowed for `.gitmodules` to have entries that set `submodule.<name>.update=!command`. This fixes the vulnerability in Git v2.20.0 and later where a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that. |
|