Vulnerabilities in Git’s credential retrieval protocol could have allowed attackers to leak users’ credentials, security researcher RyotaK says. Git retrieves login information stored in system-specific credential helpers using the credential protocol. RyotaK discovered that a feature in GitHub Desktop that automatically supplies credentials to a Git client contains a vulnerability that allows a malicious repository pointing to a crafted URL to leak the credential. To resolve this issue, Git added a new validation to the credential protocol, which will reject URLs that contain the carriage return character. Git announced patches for the issue on January 14. 

Read more: https://www.securityweek.com/git-vulnerabilities-led-to-credentials-exposure/