![]() By replacing this file with a bad file, git commands can be remapped in order to execute arbitrary commands that run under the user's credentials. The user’s config file resides outside the repository. The file is named in such a way that when a user downloads the changes in a remote repository, a specially crafted file could silently replace the user's config file. This issue allows for the introduction of a file into a Git repo. The issue that affects all Git clients was discovered by the core Git maintainers. Nevertheless, we took important, proactive steps to help make sure that Microsoft customers who use Git repositories are protected against this issue. This is an issue that manifests across the Git ecosystem and that is not unique to Microsoft support for Git repositories in our development platforms. This, in turn, prevents repos that contain bad files from affecting the user's local computer. This prevents the introduction of bad files into hosted repos.įor the Visual Studio client, the fix prevents any file from being checked out into the. Update for Visual Studio TFS 2013 Update 4 (KB3023304)įor Team Foundation Server (TFS), the fix rejects any push (upload) that contains a file or path component that matches the ".git" string. Update for Visual Studio TFS 2013 (KB3023302) Update for Visual Studio 2013 (KB3023576)
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |