https://www.cvedetails.com/cve/CVE-2018-17456/ Git allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. Vulnerability Version - before 2.14.5 - 2.15.x before 2.15.3 - 2.16.x before 2.16.5 - 2.17.x before 2.17.2 - 2.18.x before 2.18.1 - 2.19.x before 2.19.1 ---- 可以參考 https://blog.github.com/2018-10-05-git-submodule-vulnerability/ 除了不要亂連別人的連結之外 也不能亂 clone 別人的 Git Project 了 --

※ 發信站: 批踢踢實業坊(ptt.cc), 來自: 106.1.224.240 ※ 文章網址: https://webptt.com/m.aspx?n=bbs/NetSecurity/M.1539009957.A.585.html