Linux Today: Linux News On Internet Time.

Git Releases Security Update With Newline Character Creating Possible Credential Leak

Apr 15, 2020, 15:00 (0 Talkback[s])
(Other stories by Michael Larabel)

A member of Google's Project Zero team discovered that a specially crafted URL could trick the Git client into sending credential information for an alternative host to an attacker's host.

In this case, the specially crafted URL just needs to contain a newline character (end of line control character) to fool the credential handling on existing Git releases to potentially sending the data off to an alternate host.

Complete Story

Related Stories: