This post originated from an RSS feed registered with Java Buzz by News Manager. Original Post: Critical vulnerability in Git clients puts developers at risk Feed Title: JavaWorld Feed URL: http://www.javaworld.com/index.rss Feed Description: JavaWorld.com: Fueling Innovation Latest Java Buzz Posts Latest Java Buzz Posts by News Manager Latest Posts From JavaWorld

A critical vulnerability in client software used to interact with Git, a distributed revision control system for managing source code repositories, allows attackers to execute rogue commands on computers used by developers.

The flaw affects the official Git client as well as third-party clients and software based on the original Git code. The issue only affects implementations running on Windows and Mac OS X, not Linux, because their file systems are case-insensitive -- NTFS and FAT for Windows and HFS+ for Mac OS X.

"An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine," engineers from GitHub, a code repository hosting service, said in a blog post Thursday.

To read this article in full or to leave a comment, please click here