Breaking Git with a carriage return and cloning RCE
tl;dr: On Unix-like platforms, if you use git clone --recursive on an untrusted repo, the clone could result in remote code execution. Update to a fixed version of Git and of other software that embeds Git (including GitHub Desktop).
This legacy from the very early days of communications (carriage return was introduced by the Murray code in 1901!) This simple primitive is enough to confuse Git, such that when it checks out a submodule, the submodule's contents are written to a different path.