This is a TLDR of the git bug.
There was a bug in git that affected the
git clone ssh://.. command would allow user to insert an executable within the URL and it would execute it.
Easiest way to check is to run this simple command:
git clone ssh://-oProxyCommand=notepad.exe/ temp
Notepad opens? You’re vulnerable.
What you want is this:
C:\git_ws> git clone ssh://-oProxyCommand=notepad.exe/ temp Cloning into 'temp'... fatal: strange hostname '-oProxyCommand=notepad.exe' blocked
If you are running Visual Studio 2017, make sure you have version
15.3.26730.8 or higher.
- Update Visual Studio through
Tools > Extensions and updates....
- Update git
Stay safe my friends.