Developer Kate Murphy found a bug in the Git version control system that could lead to system crashes. She discovered that if a Git repository has just twelve 4 KB objects, entering a command to clone it can result in a de facto denial-of-service. “I wasn’t looking for this bug in particular I was just exploring how Git handles weird situations,” Murphy said. She added that the bug illustrates the sorts of problems that can occur with continuous integration tools.
Murphy reported the bug to GitHub and received a bug bounty from Hackerone. GitHub has released an update that fixes the bug.