Filip-Hejsek

**Name of the Vulnerable Software and Affected Versions** Git versions prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4 **Description** The issue allows an attacker to execute arbitrary code when cloning repositories with submodules. This is possible because Git can be fooled into writing files not into the submodule's worktree but into a `.git/` directory, enabling the execution of a hook during the clone operation without the user's opportunity to inspect the code. If symbolic link support is disabled in Git, the attack won't work. It is recommended to avoid cloning repositories from untrusted sources. **Recommendations** To resolve the issue for each affected version, update Git to version 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, or 2.39.4, or later. As a temporary workaround, consider disabling symbolic link support in Git via `git config --global core.symlinks false`. For Git for Windows users, update Git by running "git update-git-for-windows".

Name of the Vulnerable Software and Affected Versions: Git versions prior to 2.45.1 Git versions prior to 2.44.1 Git versions prior to 2.43.4 Git versions prior to 2.42.2 Git versions prior to 2.41.1 Git versions prior to 2.40.2 Git versions prior to 2.39.4 Description: The issue exists due to a problem with process management in the Git revision control system. An attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. As a workaround, avoid cloning repositories from untrusted sources. Recommendations: For versions prior to 2.45.1, update to version 2.45.1 or later. For versions prior to 2.44.1, update to version 2.44.1 or later. For versions prior to 2.43.4, update to version 2.43.4 or later. For versions prior to 2.42.2, update to version 2.42.2 or later. For versions prior to 2.41.1, update to version 2.41.1 or later. For versions prior to 2.40.2, update to version 2.40.2 or later. For versions prior to 2.39.4, update to version 2.39.4 or later. As a temporary workaround, consider avoiding cloning repositories from untrusted sources until the issue is resolved.