Project Zero team found that a specially crafted URL could make the Git client into sending credential information of an alternative host to an attacker's host. In this case, the specially crafted URL needs to contain a newline character to trick the credential handling (performs url decoding on most possible url components, no additional validation) and sending the data off to an alternate host.

Updated Now : Credential protocol code is now forbidding newline characters in any values.

More : https://lore.kernel.org/lkml/...

  • 2
    New line threats are horrendous sometimes but my favourite is try seeing how many linux scripts you can break creating files starting with or containing space and then - something or with newlines.
Add Comment