Breaking Git with a carriage return and cloning RCE


tl;dr: On Unix-like platforms, running git clone --recursive on an untrusted repo can lead to remote code execution. Update to a fixed version of Git and of other software that embeds Git (including GitHub Desktop).

This legacy from the very early days of communications (carriage return was introduced by the Murray code in 1901!) This simple primitive is enough to confuse Git, such that when it checks out a submodule, the submodule's contents are written to a different path.
