Category: Security, Microsoft
source
Remediating the October 2018 Git Security VulnerabilityToday, the Git project has announced a security vulnerability: there is a security issue in recursively cloning submodules that can lead to arbitrary code execution.
This includes Git clients on Unix platforms (including Linux and macOS) are vulnerable, including git running in a Linux distribution inside Windows Subsystem for Linux.
Specificially, Visual Studio 2017 includes a version of Git for Windows (not impacted by this vulnerability) to perform version control Since Git for Windows.
Earlier versions of Visual Studio, and Visual Studio for Mac, are not affected as they make use of the libgit2 framework, which is not vulnerable to this security issue.
Other tools, including Visual Studio Code, do not include a distribution of Git but instead rely on the version of Git installed on your machine.
This includes Git clients on Unix platforms (including Linux and macOS) are vulnerable, including git running in a Linux distribution inside Windows Subsystem for Linux.
Specificially, Visual Studio 2017 includes a version of Git for Windows (not impacted by this vulnerability) to perform version control Since Git for Windows.
Earlier versions of Visual Studio, and Visual Studio for Mac, are not affected as they make use of the libgit2 framework, which is not vulnerable to this security issue.
Other tools, including Visual Studio Code, do not include a distribution of Git but instead rely on the version of Git installed on your machine.