Vulnerability Description

On April 15, Git issued a security bulletin announcing a vulnerability that could reveal Git user credentials (CVE-2020-5260). Git uses a credential helper to store and retrieve credentials. But when a URL contains an encoded newline (%0a), it may inject unexpected values into the protocol stream of the credential helper.  This vulnerability is triggered when the affected version of Git is used to execute a git clone command on a malicious URL. Users should take preventive measures as soon as possible. (more…)