Critical GitHub Security Bug Urges Windows Users to Update, Allows Unauthorized Command Execution

By: Madeleine Dean
2 minute read

A security bug in the official Git client for Windows and Mac might let unauthorized commands to be executed on users’ systems. Fortunately, a patch is already available and all users need to update as soon as possible in order to avoid possible attacks.
This recent bug constitutes such a severe threat because it gives access to Git repositories and it affects all version of the Git client as well as all compatible software. Special attention should be given when cloning or accessing Git repositories that are hosted on dubious locations because this is where the security bug may be hiding.

Operating systems with case-insensitive file systems are those that are affected. The malicious code operates by causing the Git to overwrite its own .git/config file when the system is cloning or checking out a repository.

“The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem.”, informs the official statement.

The good news is that is safe because administrators always check the trees in the source code when they are added. Moreover, all content on the repository has been double checked in order to eliminate any possible bug that could have somehow creeped in. However, remain wary of doubtful hosting locations because security verification is faulty there.

We have also completed an automated scan of all existing content on to look for malicious content that might have been pushed to our site before this vulnerability was discovered. This work is an extension of the data-quality checks we have always performed on repositories pushed to our servers to protect our users against malformed or malicious Git data.

UpdatedGitHub versions are now available for download for Windows  and Mac. All users are urged to update in order to keep their systems safe.

READ ALSO: Windows XP is now a Very Easy Target for Hackers, Windows 10 Update is Mandatory

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patended Technologies (requires upgrade).


Next up

Best Windows 10 antivirus software to use in 2018

By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading