Kev kho qhov tso tawm ntawm qhov kev faib tawm tswj qhov system Git 2.30.2, 2.17.6, 2.18.5, 2.19.6, 2.20.5, 2.21.4, 2.22.5, 2.23.4, 2.24.4, 2.25.5, 2.26.3. tau luam tawm .2.27.1, 2.28.1, 2.29.3 thiab 2021, uas tau kho qhov tsis muaj zog (CVE-21300-2.15) uas tso cai rau kev ua haujlwm hauv chaw taws teeb thaum cloning tus neeg tawm tsam lub chaw cia khoom siv "git clone" hais kom ua. Txhua qhov kev tso tawm ntawm Git txij li version XNUMX raug cuam tshuam.
Qhov teeb meem tshwm sim thaum siv cov kev khiav hauj lwm ncua sij hawm, uas yog siv nyob rau hauv qee cov lim dej huv, xws li cov teeb tsa hauv Git LFS. Qhov tsis muaj peev xwm tsuas yog siv rau ntawm cov ntaub ntawv tsis txaus ntseeg uas txhawb cov cim txuas, xws li NTFS, HFS + thiab APFS (piv txwv li ntawm Windows thiab macOS platforms).
Raws li kev ruaj ntseg workaround, koj tuaj yeem lov tes taw symlink ua hauv git los ntawm kev khiav "git config -global core.symlinks cuav", lossis lov tes taw cov txheej txheem lim kev txhawb nqa siv cov lus txib "git config -show-scope -get-regexp 'filter\.. * \.process'". Nws kuj raug pom zoo kom tsis txhob cloning unverified repositories.
Tau qhov twg los: opennet.ru