Newline Handling Issue in Git Credential Manager for Windows, macOS, and Linux
CVE-2024-50338
Currently unrated
Summary
The Git Credential Manager (GCM), which facilitates secure authentication for Git operations, has an input validation issue caused by differing newline interpretations between GCM and Git. This flaw allows attackers to craft malicious URLs that exploit the credential handling mechanism when users interact with compromised repositories. Users need to remain vigilant, especially when cloning repositories with submodules using the '--recursive' option, which increases the risk of credential exposure.
Timeline
Vulnerability published