This alert may not be shared outside your organization. Do not repost or send it, place it on other websites or list servers, or send it to others via email, including other associations or parties. For member and law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Critical Git Vulnerabilities Discovered in Source Code Security Audit
A source code security audit has led to the discovery of several vulnerabilities in Git, the widely used distributed version control system.
The results of the security audit, sponsored by OSTIF and conducted by X41 and GitLab, were made public this week.
Git could be a tempting target for threat actors, as a vulnerability affecting it could be exploited to compromise developer systems or source code repositories.
The security holes found during the audit included two critical-, one high-, one medium- and four low-severity bugs, with the auditors also sharing more than two dozen informational notes. The critical vulnerabilities have been assigned the CVE identifiers CVE-2022-23521 and CVE-2022-41903.