Git vulnerability announced! Upgrade your git client

  • By Ashwin M
  • December 19, 2014 - 1 min read

Git just announced a new release (version 2.2.1) of the Git client that fixes a vulnerability affecting all Git users on Windows and Mac OS X. GitHub says this:

The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem.

We strongly encourage all users of GitHub and GitHub Enterprise to update their Git clients as soon as possible, and to be particularly careful when cloning or accessing Git repositories hosted on unsafe or untrusted hosts.

If you’re using Homebrew, the process is very simple:

brew doctor

brew update

brew upgrade git

You can download the latest clients for Windows and OS X from the links provided. They have already been patched for the vulnerability.
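The check below is an added example, not part of the original post or of Git itself: it scans a list of repository paths for any component that a case-insensitive filesystem would treat as `.git`, which is the condition the advisory describes. The function name and the sample paths are constructed, and only ASCII case folding is covered, not filesystem-specific name normalization.

```shell
#!/bin/sh
# Added example: flag tree paths that collide with ".git" on a
# case-insensitive filesystem. Reads one path per line on stdin,
# prints each flagged path, and returns 1 if anything was flagged.
# Assumption: ASCII case folding only; other normalization is out of scope.
flag_dotgit_paths() {
    found=0
    # "|| [ -n ... ]" keeps a final line that has no trailing newline.
    while IFS= read -r entry || [ -n "$entry" ]; do
        # Fold to lower case, then wrap in slashes so that every path
        # component is delimited: ".Git/config" -> "/.git/config/".
        folded=$(printf '%s' "$entry" | tr '[:upper:]' '[:lower:]')
        case "/$folded/" in
            */.git/*)
                printf '%s\n' "$entry"
                found=1
                ;;
        esac
    done
    [ "$found" -eq 0 ]
}

# Constructed sample listing. For a real repository, feed the output of
# `git ls-tree -r --name-only <commit>` instead.
sample_paths() {
    printf '%s\n' \
        'README.md' \
        'src/main.c' \
        '.gitignore' \
        '.Git/config' \
        'vendor/.GIT/HEAD'
}

if ! sample_paths | flag_dotgit_paths; then
    echo 'flagged paths above: review before checking out on Windows or OS X' >&2
fi
```

Names such as `.gitignore` are not flagged, because the match is on a whole path component rather than a prefix.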