Git, the widely used open source version control software, has patched a serious security vulnerability which could have led to remote code execution attacks. Security researcher Etienne Stalmans found and reported the bug that might have allowed malicious code to be cloned into Git repositories.
Git v2.17.1 and older maintenance tracks now include a patch for the flaw, as well as for another vulnerability related to sanity-check pathnames on NTFS that could have resulted in reading out-of-bounds memory.
Microsoft has applied a fix for the Git vulnerability to Visual Studio Team Server.