A flaw in Git submodule name validation makes it possible for a remote attacker to execute arbitrary code on developer machines. Additionally, an attacker could get access to portion of system memory. Both vulnerabilities have been already patched in Git 2.17.1, 2.16.4, 2.15.2, and other versions.

As reported by security researcher Etienne Stalmans, unpatched versions of Git do not validate submodule names, thus

A remote repository can return specially crafted data to create or overwrite files on the target user’s system when the repository is cloned, causing arbitrary code to be executed on the target user’s system

Specifically, Git mirrors submodules inside the $GIT_DIR/modules directory under the directory whose named defined in $GIT_DIR/.gitmodules . By crafting the content of the .gitmodules file, it is thus possible to embed ../ into a submodule name to trick Git into writing the submodule outside of the repo. Coupled with a malicious post-checkout hook, this makes it possible to run malicious code immediately after cloning a repo.

The fix to this behaviour is enforcing some rules for submodule names which will make any non-compliant name to be ignored by Git. Basically, .. are not allowed, nor are symbolic links. This will make sure the submodule directory is not stored outside of $GIT_DIR .

Stalmans stated he could execute remote code on GitHub Pages exploiting this vulnerability, although no exploits in the wild have been reported.

The second patched vulnerability is specific to repos that use the NTFS file system and makes it possible to trick NTFS path sanity-checks so an attacker can read random memory contents.

The Git community has promptly provided fixes for both vulnerabilities in version 2.13.7 of Git, which have also been ported to 2.14.4, 2.15.2, 2.16.4, and 2.17.1. Furthermore, as an additional security level, those releases will reject pushes to repositories containing problematic .gitmodules files. This is meant to:

help hosting sites protect their customers with older clients by preventing malicious contents from spreading.

GitHub and other code hosting services have already patched their system.