Malicious URLs cause Git (v2.26.0) to present stored credentials to wrong server

29 points by vwpolo3 6 years ago | 2 comments

vwpolo3 6 years ago |

Without upgrade, this might be exploited through package managers able to fetch from Git URLs (so NPM, Go Modules, and others).

lilyball 6 years ago |

Xcode 11.4.1 came out today and it appears to contain the fix for this.

vwpolo3 6 years ago |

Without upgrade, this might be exploited through package managers able to fetch from Git URLs (so NPM, Go Modules, and others).

lilyball 6 years ago |

Xcode 11.4.1 came out today and it appears to contain the fix for this.