Skip to content
Commit ea0d7ef4 authored by Minjae Kim's avatar Minjae Kim Committed by Steve Sakoman
Browse files

git: fix CVE-2021-40330 

git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character,
which may result in unexpected cross-protocol requests,
as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.

Upstream-Status: Backport [https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473

]
CVE: CVE-2021-40330
Signed-off-by: default avatarMinjae Kim <flowergom@gmail.com>
Signed-off-by: default avatarSteve Sakoman <steve@sakoman.com>
parent abf73599
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment