Reference: CERT-EU Security Advisory 2016-121

Title: UPDATE Remote Code Execution in all git versions (client + server) < 2.7.1

Version: 17/03/2016 Corrigendum initial publication typos

Short Summary
--------------
A vulnerability in Git allows a perpetrator to execute code remotely while cloning or pushing a repository with large filenames or a large number of nested trees. For server exploitation, the perpetrator will need write access in order to push to the remote git repository. For client exploitation, any local user allowed to execute the git client command can trigger the vulnerability by cloning a repository with large filenames.

CVE reference: CVE-2016-2324, CVE-2016-2315
Affected platforms: git (client + server) < 2.7.1
Date found: 2016-03-16
Security risk: High
Vendor Status: Notified / Patch available

Systems affected
-----------------
git (client + server) < 2.7.1

Impact
-------
The successful exploitation of a vulnerable client or server allows the attacker to execute code on the targeted system.

Solutions
----------
Upgrade to version 2.7.1

Additional References
-----------------------
https://ma.ttias.be/remote-code-execution-git-versions-client-server-2-7-1-cve-2016-2324-cve-2016-2315/
https://git-scm.com/

CERT-EU (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
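
A check for the "Upgrade to version 2.7.1" solution above, added here as an example and not part of the CERT-EU advisory: it classifies `git --version` output against the fixed release the advisory names. The function names and the sample version strings in the comments are this example's own (constructed).

```shell
#!/bin/sh
# Added example: flag Git installations older than the release named in the
# advisory's Solutions section. Function names are hypothetical.
FIXED_VERSION="2.7.1"   # value taken from the advisory

# Pull the leading numeric version (up to three components) out of
# `git --version` output, ignoring vendor suffixes. Constructed samples:
#   "git version 2.5.4 (Apple Git-61)" -> 2.5.4
#   "git version 2.7.0.windows.1"      -> 2.7.0
extract_git_version() {
    printf '%s\n' "$1" |
        sed -n 's/^git version \([0-9][0-9]*\(\.[0-9][0-9]*\)\{0,2\}\).*/\1/p'
}

# Return 0 when version $1 is strictly lower than version $2.
# Components are compared numerically, so 2.10.0 is not treated as < 2.7.1.
version_lt() {
    IFS=. read -r a1 a2 a3 _a <<EOF
$1
EOF
    IFS=. read -r b1 b2 b3 _b <<EOF
$2
EOF
    for pair in "${a1:-0}:${b1:-0}" "${a2:-0}:${b2:-0}" "${a3:-0}:${b3:-0}"; do
        x=${pair%%:*}
        y=${pair##*:}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # equal versions are not "lower"
}

# Print "vulnerable", "patched" or "unknown" for one line of version output.
classify_git() {
    ver=$(extract_git_version "$1")
    if [ -z "$ver" ]; then
        echo unknown
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Report on the local client when git is installed.
if command -v git >/dev/null 2>&1; then
    echo "local git: $(classify_git "$(git --version)")"
fi
```

Distribution packages may carry backported fixes without changing the upstream version number, so a "vulnerable" result from this check should be confirmed against the package vendor's own advisory.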