Where are you using WebAssembly?
Wasm promises to let developers build once and run anywhere. Are you using it yet?
At work, for production apps
At work, but not for production apps
I don’t use WebAssembly but expect to when the technology matures
I have no plans to use WebAssembly
No plans and I get mad whenever I see the buzzword

Major Git Security Vulnerability Discovered Causing GitHub to Encourage Update to Git Clients

Dec 18th, 2014 2:11pm by
Featued image for: Major Git Security Vulnerability Discovered Causing GitHub to Encourage Update to Git Clients

A major Git security vulnerability has been discovered and has forced GitHub to issue a warning and request for users to update their Git clients.

According to a GitHub blog post, the vulnerability affects “all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. ”

Due to the vulnerability, GitHub is encouraging all of its users of GitHub and GitHub Enterprise to update their Git clients and be “particularly careful when cloning or accessing Git repositories hosted on unsafe or untrusted hosts.”

Here’s how the vulnerability works:

Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem.

Bryan Helmkamp, CEO and Founder of CodeClimate said the attacks are significant for a number of reasons:

The blog post explains that Github verifies and blocks malicious trees that trigger the vulnerability. They say that means repositories on are protected. To further address the issue, GitHub has done a scan of existing content on  in search of “malicious content that might have been pushed to our site before this vulnerability was discovered.”

Updated versions of GitHub for Windows and GitHub for Mac are available for download.

According to GitHub, more details on the vulnerability can be found in the official Git mailing list announcement and on the git-blame blog.

Group Created with Sketch.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.