A critical security vulnerability affecting all versions of the official Git client and related software has been disclosed, which allows attackers to execute arbitrary commands on client machines by crafting malicious Git trees. This vulnerability impacts Git clients on case-insensitive or case-normalizing filesystems, specifically targeting those running on OS X (HFS+) and Microsoft Windows (NTFS, FAT), while Linux clients remain unaffected if operating on case-sensitive filesystems. GitHub and GitHub Enterprise users are urged to update their Git clients immediately and exercise caution when interacting with repositories from untrusted sources. GitHub has taken measures to block malicious trees on its platform and has scanned existing content for potential threats. Updated versions of GitHub for Windows and Mac, as well as the Git core and libraries like libgit2 and JGit, have been released with security fixes. Further details are available through the official Git mailing list announcement and the git-blame blog.