Git patching: version control system issues fixes to mitigate RCE

Git patch

Git maintainer Junio C Hamano has informed users about the availability of v2.30.2, a new version which addresses remote code execution (RCE) security issues filed under CVE-2021-21300

Patches for older maintenance tracks are also available via v2.17.6, v2.18.5, v2.19.6, v2.20.5, v2.21.4, v2.22.5, v2.23.4, v2.24.4, v2.25.5, v2.26.3, v2.27.1, v2.28.1, and v2.29.3.

If left unmitigated, the vulnerability allows specially crafted repositories containing symbolic links and files using clean/smudge filters like Git LFS to execute code locally during a clone operation. The problem only affects teams on case insensitive file systems such as NTFS, HFS+, or APFS, but as this includes the default file systems on Microsoft Windows and macOS, an update is very much recommended.

Workarounds for the problem include the disabling of symbolic link support and not using the filters mentioned, though Windows users are reminded that Git for Windows configures GitLFS by default.

- Advertisement -