Git security vulnerabilities announced
Blog post from GitHub
Git has released new versions to address seven security vulnerabilities that affect all previous versions, including issues that could lead to arbitrary code execution through improper handling of configuration values, bundles, and credential storage. Specifically, vulnerabilities were found in Git's handling of submodules, bundles, and credential helpers on Windows, as well as in the Gitk and Git GUI tools, which are graphical interfaces for interacting with Git repositories. These vulnerabilities, identified by contributors including David Leadbeater and Avi Halachmi, could allow attackers to execute arbitrary code if users interact with malicious repositories or files. Users are advised to upgrade to Git 2.50.1 to mitigate these risks, and GitHub has proactively scheduled updates for its services like GitHub Desktop and GitHub Codespaces.
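To check a workstation or build image against the 2.50.1 release named above, the following added example (not from the GitHub post or the Git project) parses `git --version` output and compares it numerically. The function names are hypothetical, and the vendor-suffixed version strings in the comments are constructed samples.

```shell
#!/bin/sh
# Added example: report whether a `git --version` string is below 2.50.1,
# the release this page advises upgrading to.
FIXED="2.50.1"

# Extract the leading X.Y.Z, ignoring vendor suffixes, e.g. (constructed):
#   "git version 2.49.0.windows.1"        -> 2.49.0
#   "git version 2.39.5 (Apple Git-154)"  -> 2.39.5
git_core_version() {
    printf '%s\n' "$1" |
        sed -n 's/^git version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# True when $1 < $2. Fields are compared numerically, so 2.9.0 sorts
# below 2.50.1 (a plain string comparison would get this wrong).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" |
            sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$1" ]
}

# Print "upgrade", "ok" or "unknown" for one version string.
# Always returns 0 so callers running under `set -e` are not aborted.
check_git_version() {
    core=$(git_core_version "$1")
    if [ -z "$core" ]; then
        echo "unknown"
    elif version_lt "$core" "$FIXED"; then
        echo "upgrade"
    else
        echo "ok"
    fi
}

# Check the git found on PATH, if any.
if command -v git >/dev/null 2>&1; then
    installed=$(git --version)
    echo "$installed: $(check_git_version "$installed")"
fi
```

The comparison looks only at the upstream version number, so a distribution package that carries the fixes under an older number is still reported as `upgrade`; confirm those against the vendor's own advisory.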