From: Marc Deslauriers
Date: Apr 21, 2020 9:01PM
Date: Apr 21, 2020 9:01PM
Carlo Arenas discovered that Git incorrectly handled certain URLs
containing newlines, empty hosts, or lacking a scheme. A remote attacker
could possibly use this issue to trick Git into returning credential
information for a wrong host.
References:
https://usn.ubuntu.com/4334-1
CVE-2020-11008
沒有留言:
張貼留言