Update to 2.35.3 (release notes)
This release addresses CVE-2022-24765. Per the release announcement:
On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in
C:\.git, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs
git diff) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user.
A broad "escape hatch" is available in cases where all the repositories you may enter are considered safe, regardless of their ownership. Quoting another release announcement:
*can be used as the value for the
safe.directoryvariable to signal that the user considers that any directory is safe.
sudo dnf upgrade --refresh --advisory=FEDORA-2022-3759ebabd2
Please login to add feedback.