When a Carriage Return Nearly Broke Git (And How You Can Stay Safe)
文章指出Git存在严重漏洞CVE-2025-48384,攻击者可借此运行恶意代码、窃取数据或在网络中潜伏。该漏洞源于子模块路径中未正确处理的回车符。文章详细解释了漏洞机制,并提供具体防护措施。 2025-9-7 14:46:34 Author: infosecwriteups.com(查看原文) 阅读量:11 收藏

S.Ali

Fix: Update Git immediately. Seriously.

Git is used by every developer in open source, in enterprise and even, in their personal projects. It’s been well tested for nearly two decades.

CVE-2025-48384, disclosed recently, a vulnerability in Git that allows attackers to run code on your machine, steal data, or quietly sneak around your network by exploiting unquoted carriage returns in submodule paths.

This article explains the vulnerability, mechanics, and specific mitigation steps to secure your Git environment.

How It Works

  • When Git reads a configuration value, it automatically strips any trailing carriage return (CR) or line feed (LF).
  • When writing a configuration entry that ends with a CR, Git fails to quote it properly. That rogue CR is stripped the next time the config is read.
  • During submodule initialization, a trailing CR in a submodule path can cause Git to misinterpret the location, checking out the submodule somewhere unintended.
  • If a symlink points this misdirected path to a sensitive location — like the submodule’s hooks directory — and the submodule contains an executable post-checkout hook, Git will unknowingly run it after…

文章来源: https://infosecwriteups.com/when-a-carriage-return-nearly-broke-git-and-how-you-can-stay-safe-42bb19a3783b?source=rss----7b722bfd1b8d---4
如有侵权请联系:admin#unsafe.sh