Git case-sensitivity bug enabling malicious .git/config injection on Windows/Mac — can execute arbitrary code on clone/fetch. Update Git to 2.2.1+. Validate all git repositories cloned on case-insensitive filesystems in your environment.
Git and Mercurial allow remote code execution via crafted repositories that contain .git/config files with malicious values, affecting Windows and OS X clients.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →