CVE-2025-48384: Breaking Git with a carriage return and cloning RCE

David Leadbeater

  • Read: 09 Jul 2025
  • Published: 09 Jul 2025

https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384


A vulnerability in Git related to the handling of carriage returns. On Unix-like platforms, running git clone --recursive on an untrusted repo could result in remote code execution.

I briefly skimmed the blog post without actually going through the technical details, so I just added this note for future reference. I came across this topic while browsing the article "Git security vulnerabilities announced".

cve

My thoughts on this topic:

The author mentioned that “This is not the first time the carriage return has caused issues for Git, in January RyotaK found issues with the credential helper protocol that could also be tricked with carriage returns.” I wonder if similar vulnerabilities can be found in other applications (like Docker?)
