USN-2835-1 git vulnerability
Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting commands via crafted URLs.
The Cloud Foundry project released a new Cloud Foundry rootfs, cflinuxfs2 v.1.23.0, that has the patches.
Severity is medium unless otherwise noted.
Users of affected versions should apply the following mitigation: