Sakin gyarawa na tsarin sarrafa tushen rarraba Git 2.30.2, 2.17.6, 2.18.5, 2.19.6, 2.20.5, 2.21.4, 2.22.5, 2.23.4, 2.24.4, 2.25.5, 2.26.3 an buga .2.27.1, 2.28.1, 2.29.3 da 2021, wanda ya kafa wani rauni (CVE-21300-2.15) wanda ke ba da damar aiwatar da lambar nesa lokacin rufe ma'ajiyar maharan ta amfani da umarnin "git clone". Duk abubuwan da aka saki na Git tun daga sigar XNUMX an shafa su.
Matsalar tana faruwa lokacin amfani da ayyukan dubawa da aka jinkirta, waɗanda ake amfani da su a wasu matatun tsaftacewa, kamar waɗanda aka saita a Git LFS. Za'a iya amfani da raunin kawai akan tsarin fayil marasa hankali waɗanda ke tallafawa hanyoyin haɗin gwiwa, kamar NTFS, HFS+ da APFS (watau akan dandamali na Windows da macOS).
A matsayin tsarin tsaro, zaku iya musaki aikin symlink a cikin git ta hanyar gudanar da “git config —global core.symlinks false”, ko kuma musaki tallafin tacewa ta amfani da umarnin “git config —show-scope —get-regexp 'filter\ .. * \.tsari'". Hakanan ana ba da shawarar don guje wa ma'ajiyar da ba a tantance ba.
source: budenet.ru