Git Users at Risk: Update Now to Patch Critical Vulnerabilities

Git users, listen up! Security researchers found three critical vulnerabilities in Git that could allow attackers to take control of your computer. These vulnerabilities, identified as CVE-2022-41903, CVE-2022-23521, and CVE-2022-41953, could be exploited through actions like cloning or pulling code repositories.

The good news is that patches are already available for the first two vulnerabilities (CVE-2022-41903 & CVE-2022-23521). Updating your Git version to 2.30.7 or later will protect you.

For the third vulnerability (CVE-2022-41953), there’s a workaround: avoid using the Git GUI to clone repositories and don’t clone from untrusted sources in the first place.

If updating isn’t an option right now, there are temporary measures you can take. Disabling “git archive” on untrusted repositories is possible with the command “git config --global daemon.uploadArch false” (note the two plain hyphens before “global”). Additionally, if you use “git daemon”, disable it when working with untrusted repositories.

The bottom line: GitLab strongly recommends updating to the latest version (2.39.1 as of now) to fully protect your system. Don’t wait to patch these vulnerabilities!
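
The check below is an added example, not part of the original article: a POSIX shell audit that classifies the output of `git --version` against the two releases the article names (2.30.7 and 2.39.1) and reports how `daemon.uploadArch` is set. The function names and status labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit a Git install against the
# article's guidance. Thresholds are the two versions the article names.
MIN_FIXED="2.30.7"      # article: "2.30.7 or later"
RECOMMENDED="2.39.1"    # article: latest version at time of writing

# Pull X.Y.Z out of `git --version` output, ignoring vendor suffixes
# such as ".windows.1" or " (Apple Git-137.1)".
parse_git_version() {
    printf '%s\n' "$1" |
        sed -n 's/^git version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 if dotted version $1 >= $2, comparing each field numerically
# (a plain string compare would rank 2.9.0 above 2.30.7).
version_ge() {
    for i in 1 2 3; do
        x=$(printf '%s' "$1" | cut -d. -f"$i")
        y=$(printf '%s' "$2" | cut -d. -f"$i")
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# Map a `git --version` line to: unknown | vulnerable | below-recommended | recommended
classify_git_version() {
    v=$(parse_git_version "$1")
    if [ -z "$v" ]; then echo unknown
    elif ! version_ge "$v" "$MIN_FIXED"; then echo vulnerable
    elif ! version_ge "$v" "$RECOMMENDED"; then echo below-recommended
    else echo recommended
    fi
}

# Map the value of daemon.uploadArch to: unset | disabled | enabled
upload_arch_state() {
    case "$1" in
        "") echo unset ;;
        false|no|off|0) echo disabled ;;
        *) echo enabled ;;
    esac
}

# Report on the local install when git is present.
if command -v git >/dev/null 2>&1; then
    echo "version: $(classify_git_version "$(git --version)")"
    echo "daemon.uploadArch: $(upload_arch_state "$(git config --global --bool --get daemon.uploadArch 2>/dev/null || true)")"
fi
```

A result of `below-recommended` means the install meets the article's 2.30.7 minimum but is older than the 2.39.1 release it recommends.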
