Learn about CVE-2020-11008 affecting Git versions < 2.17.5 to >= 2.26.2. Discover how malicious URLs can exploit Git, potentially leaking private credentials to unauthorized servers.
Affected versions of Git can be tricked into sending private credentials to an attacker-controlled host. The bug is similar to CVE-2020-5260. Specially crafted URLs can cause Git to send a blank pattern to its credential helpers, potentially leaking passwords to an attacker's server.
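The helper side of this failure, as an added example (not code from Git or from any real credential helper): a lookup that treats missing fields as wildcards answers a blank request with a stored password, while a strict lookup refuses it. It assumes a "blank pattern" means a request whose `protocol` and `host` fields are missing or empty; `STORE`, `parse_request`, `lookup_permissive` and `lookup_strict` are hypothetical names, and the stored credential is constructed.

```python
# Added example: why a "blank" request is dangerous for a credential helper,
# and the check that stops it. All names and data here are hypothetical.

# Constructed sample store: (protocol, host) -> (username, password)
STORE = {
    ("https", "git.example.com"): ("alice", "constructed-secret"),
}


def parse_request(text):
    """Parse the key=value lines Git writes to a helper's stdin."""
    fields = {}
    for line in text.splitlines():
        if not line:  # a blank line ends the request
            break
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed line: %r" % line)
        fields[key] = value
    return fields


def _matches(wanted, stored):
    # Weak rule: an absent or empty field matches anything.
    return not wanted or wanted == stored


def lookup_permissive(fields):
    """Weak matching: a blank request matches the first stored entry."""
    for (proto, host), cred in STORE.items():
        if _matches(fields.get("protocol"), proto) and _matches(fields.get("host"), host):
            return cred
    return None


def lookup_strict(fields):
    """Hardened matching: refuse any request without both protocol and host."""
    proto, host = fields.get("protocol"), fields.get("host")
    if not proto or not host:
        return None  # blank pattern: answer with nothing
    return STORE.get((proto, host))


# Constructed requests: one well-formed, one blank, one with empty values.
GOOD = "protocol=https\nhost=git.example.com\n\n"
BLANK = "\n"
EMPTY_VALUES = "protocol=\nhost=\n\n"
```

A helper should apply the strict check even when the Git client in front of it is patched, since it cannot know which Git version is calling it.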