Git security vulnerabilities announced
Blog post from GitHub
New versions of Git were released to address two security vulnerabilities, CVE-2024-50349 and CVE-2024-52006, which impact all previous versions. CVE-2024-50349 allows an attacker to craft URLs containing ANSI escape sequences that produce misleading credential prompts, potentially tricking users into entering credentials for an unintended Git host. CVE-2024-52006 abuses the line-based protocol Git uses to exchange information with credential helpers: specially crafted URLs can inject unintended values and cause passwords to be sent to the wrong server. GitHub has responded by planning updates for GitHub Desktop, Git LFS, and Git Credential Manager, while also patching affected products such as GitHub Codespaces and GitHub CLI. The vulnerabilities were reported by RyotaK, with fixes developed by Johannes Schindelin. To mitigate risks, users are advised to upgrade to Git 2.48.1 or take precautions such as avoiding certain clone commands and credential helpers.
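As an added illustration (not code from Git, GitHub, or either fix), the checks below show the defender-side shape of both issues in Python: a URL vetting function that rejects control characters such as ESC, CR and LF even when they are percent-encoded, and a credential-helper input parser that refuses a bare carriage return inside a `key=value` line. Function names and the sample inputs are my own constructions, and the check on the percent-decoded form is a design choice so that an encoded control character is not missed.

```python
import re
from urllib.parse import unquote

# C0 control characters plus DEL. ESC (0x1b) opens the ANSI escape sequences
# behind CVE-2024-50349; CR (0x0d) and LF (0x0a) are the line terminators that
# CVE-2024-52006 abuses in the credential-helper protocol.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def url_has_control_chars(url: str) -> bool:
    """Return True if the URL contains a control character, either raw or
    hidden behind %XX percent-encoding. The check runs on the decoded form
    so an encoded ESC, CR or LF cannot slip past it (assumed usage: a caller
    vets clone/fetch URLs before handing them to Git)."""
    return CONTROL_CHARS.search(unquote(url)) is not None


def parse_credential_request(data: str) -> dict:
    """Parse the LF-terminated `key=value` lines Git writes to a credential
    helper's stdin, stopping at the blank line that ends the request.
    A bare CR inside a line is rejected: runtimes that treat CR as a newline
    would otherwise see one smuggled line as two (the CVE-2024-52006 issue)."""
    fields = {}
    for line in data.split("\n"):
        if line == "":
            break  # blank line terminates the request
        if "\r" in line:
            raise ValueError("carriage return inside credential line")
        key, sep, value = line.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed credential line: {line!r}")
        fields[key] = value
    return fields


def is_safe_credential_request(data: str) -> bool:
    """Convenience wrapper: True if the request parses cleanly."""
    try:
        parse_credential_request(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    print(url_has_control_chars("https://example.com/team/repo.git"))   # False
    print(url_has_control_chars("https://example.com/%1b[1mrepo.git"))  # True
    request = "protocol=https\nhost=example.com\nusername=alice\n\n"
    print(parse_credential_request(request))
```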