A security vulnerability in Git that can lead to arbitrary code execution

Posted on May 30, 2018

The Git community has disclosed an industry-wide security vulnerability in Git that can lead to arbitrary code execution when a user operates in a malicious repository. This vulnerability has been assigned CVE-2018-11235 by MITRE, the organization that assigns unique numbers to track security vulnerabilities in software. Git 2.17.1 and Git for Windows 2.17.1 (2) were released today and include the fix.

The Visual Studio Team Services (VSTS) team takes security issues very seriously, and we encourage all users to update their Git clients as soon as possible to fix this vulnerability. To further protect you, our team has blocked these types of malicious repositories from being pushed to VSTS.

This will ensure that we cannot be used as a vector for transmitting maliciously crafted repositories to users who have not yet patched their clients for this vulnerability.

Source: microsoft.com