GitHub fixes safety flaw that allowed arbitrary code execution, Home windows unaffected

GitHub is the go-to code-sharing and internet hosting service for builders across the globe. The corporate was acquired by Microsoft in June for a large sum of $7.5 billion, though the EU is but to finalize the deal.

Now, GitHub has introduced that it was susceptible to a safety flaw that allowed arbitrary code execution. Though it has now mounted the difficulty, the corporate has famous that solely Unix platforms had been impacted by it.

A safety itemizing by GitHub says {that a} vulnerability in its software program allowed arbitrary code execution on the consumer platform if a particular command, specifically “git clone –recurse-submodules”, was executed. It explains that:

When working “git clone –recurse-submodules”, Git parses the equipped .gitmodules file for a URL discipline and blindly passes it as an argument to a “git clone” subprocess. If the URL discipline is about to a string that begins with a splash, this “git clone” subprocess interprets the URL as an choice. This could result in executing an arbitrary script shipped within the superproject because the consumer who ran “git clone”.

In a weblog publish, Microsoft has clarified that the issue was relevant to Unix-based platforms corresponding to Linux and macOS, or for individuals working git in a Linux distro in Home windows Subsystem for Linux (WSL). This is because of the truth that the file which is written to the disk when exploiting the vulnerability requires a colon in its title, and since colons are usually not supported in Home windows filesystems, Git for Home windows does not write the file.

The corporate has additionally famous that its Visible Studio merchandise which use Git on any platform (macOS, Home windows) are unaffected, however GitHub has nonetheless really useful customers to improve to Git model 2.17.2, 2.18.1 and a couple of.19.1, simply to be on the secure aspect.

Comments are closed.