Git -- Execute arbitrary code

2015-09-23T00:00:00
ID 7F645EE5-7681-11E5-8519-005056AC623E
Type freebsd
Reporter FreeBSD
Modified 2015-12-12T00:00:00

Description

Git release notes:

Some protocols (like git-remote-ext) can execute arbitrary code found in the URL. The URLs that submodules use may come from arbitrary sources (e.g., .gitmodules files in a remote repository), and can hurt those who blindly enable recursive fetch. Restrict the allowed protocols to well known and safe ones.