HEX
Server: nginx/1.26.1
System: Linux main-vm 5.15.0-153-generic #163-Ubuntu SMP Thu Aug 7 16:37:18 UTC 2025 x86_64
User: root (0)
PHP: 8.2.19
Disabled: NONE
Upload Files
File: //proc/thread-self/root/usr/share/doc/git/RelNotes/2.17.4.txt
Git v2.17.4 Release Notes
=========================

This release is to address the security issue: CVE-2020-5260

Fixes since v2.17.3
-------------------

 * With a crafted URL that contains a newline in it, the credential
   helper machinery can be fooled to give credential information for
   a wrong host.  The attack has been made impossible by forbidding
   a newline character in any value passed via the credential
   protocol.

Credit for finding the vulnerability goes to Felix Wilhelm of Google
Project Zero.