Security vulnerability (CVE-2018-11235) #238

Closed
bobweston opened this issue May 31, 2018 · 1 comment

@bobweston

I'm curious if there is a patch available for this git security vulnerability?

"Git flaw leads to arbitrary code execution on users' PCs

Of these, CVE-2018-11235 is considered the most dangerous, as it allows a malicious actor to create a malformed Git repository containing a specially-built Git submodule.

Whenever a user clones this repository, because of the way Git clients handle this malicious Git submodule may allow an attacker to execute code on users' systems.

Git 2.17.1, released last night, should prevent the execution of these commands on users' computers.

Server-side fixes provided for Git hosting services

But patches aren't only rolled out to Git clients. A fix is also included for Git's server-side component. This server-side fix allows Git hosting services to recognize code repositories containing malicious submodules, and block users from uploading them in the first place.

Git hosting services like GitHub and Microsoft (via its Visual Studio Team Services) have already deployed the patches to prevent attackers from abusing their services."

https://www.bleepingcomputer.com/news/security/malicious-git-repository-can-lead-to-code-execution-on-remote-systems/

@LongLiveCHIEF
Contributor

This module does not utilize or control git in any way.
