Decrypt LOL


Git Vulnerabilities Result in User Credentials Exposure


🛠️ Git vulnerabilities expose user credentials through improper handling of messages. Security researcher RyotaK identified multiple vulnerabilities in Git’s credential retrieval protocol, notably a carriage return smuggling bug tracked as CVE-2025-23040, which allows malicious repositories to leak user credentials. This issue arises from discrepancies in how Git and GitHub Desktop parse URLs, leading to unintended credential exposure. Additional vulnerabilities, including CVE-2024-50338 and CVE-2024-53263, were also discovered in Git Credential Manager and Git LFS, respectively. Git has since implemented patches to address these flaws, including a new validation to reject URLs containing carriage return characters. The updates aim to enhance security and prevent future credential leaks.
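The check described above (rejecting URLs that contain carriage returns before they reach a credential helper) can be sketched as follows. This is an added example, not code from Git, GitHub Desktop, Git Credential Manager or Git LFS; it assumes the newline-delimited `key=value` format of Git's credential helper protocol, and the function names, hosts and sample message are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

FORBIDDEN = ("\r", "\n", "\x00")  # characters that can end or corrupt a protocol line

class UnsafeCredentialURL(ValueError):
    """Raised when a URL field cannot be sent as exactly one protocol line."""

def _check(name, value):
    for ch in FORBIDDEN:
        if ch in value:
            raise UnsafeCredentialURL(f"{name} contains {ch!r}")
    return value

def build_request(url):
    """Return the key=value request for a credential helper, or raise."""
    _check("url", url)  # raw control characters, before urlsplit strips them
    parts = urlsplit(url)
    fields = {
        "protocol": parts.scheme,
        # Percent-decoding can reintroduce CR/LF, so validate after decoding.
        # Userinfo is dropped here; a real client sends it as separate fields.
        "host": unquote(parts.netloc.rpartition("@")[2]),
        "path": unquote(parts.path.lstrip("/")),
    }
    return "\n".join(f"{k}={_check(k, v)}" for k, v in fields.items()) + "\n\n"

def is_rejected(url):
    try:
        build_request(url)
    except UnsafeCredentialURL:
        return True
    return False

def parse_strict(message):
    """Receiver that treats only LF as a line terminator."""
    return dict(l.split("=", 1) for l in message.split("\n") if l)

def parse_lenient(message):
    """Receiver that also breaks lines on CR (str.splitlines does)."""
    return dict(l.split("=", 1) for l in message.splitlines() if l)

# Constructed message showing why an unvalidated CR matters: the two
# receivers disagree about which host the credentials are for.
SAMPLE = "protocol=https\nhost=a.example\rhost=b.example\n\n"

if __name__ == "__main__":
    print(repr(build_request("https://example.com/org/repo.git")))
    print("strict :", parse_strict(SAMPLE)["host"].encode())
    print("lenient:", parse_lenient(SAMPLE)["host"].encode())
```

Validating both the raw URL and its percent-decoded components matters because either form can carry the carriage return into the serialized message.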
