https://www.cvedetails.com/cve/CVE-2018-17456/ Git allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. Vulnerability Version - before 2.14.5 - 2.15.x before 2.15.3 - 2.16.x before 2.16.5 - 2.17.x before 2.17.2 - 2.18.x before 2.18.1 - 2.19.x before 2.19.1 ---- 可以参考 https://blog.github.com/2018-10-05-git-submodule-vulnerability/ 除了不要乱连别人的连结之外 也不能乱 clone 别人的 Git Project 了 --

※ 发信站: 批踢踢实业坊(ptt.cc), 来自: 106.1.224.240 ※ 文章网址: https://webptt.com/cn.aspx?n=bbs/NetSecurity/M.1539009957.A.585.html