EHA

Critical GitHub Flaw Allows Credential Leaks Through Malicious Repos


A series of critical vulnerabilities has been uncovered across several Git-related projects, revealing flaws in how credentials are passed to and from credential helpers and allowing a malicious repository to leak a user's stored credentials.

The vulnerabilities, stemming from improper handling of message delimiters in the Git Credential Protocol, impact tools such as GitHub Desktop, Git Credential Manager, Git LFS, GitHub CLI, and GitHub Codespaces.

Credential Handling Flaws Exploited by Input Manipulation

The Git Credential Protocol is how Git retrieves stored credentials from a credential helper: Git writes a request made of “key=value” lines (such as protocol= and host=), one attribute per line and terminated by a blank line, to the helper’s standard input, and the helper answers in the same format on its standard output.

However, improper parsing and unexpected handling of special characters such as newline (\n) and carriage return (\r) led to vulnerabilities in several tools.

A key issue lies in differences between Git’s strict protocol handling and the behavior of libraries or regular expressions used in related projects.

For example, in GitHub Desktop, a regular expression in its “trampoline” credential helper parsed the credential request loosely enough that a malicious repository could smuggle carriage returns into it (CVE-2025-23040).

A malicious actor could craft submodule URLs with %0d (carriage return) tokens, causing GitHub Desktop to misinterpret the host and leak credentials during authentication.

Similarly, Git Credential Manager, which is built on .NET, had a vulnerability (CVE-2024-50338) rooted in its use of the StreamReader class to read Git’s request.

StreamReader.ReadLine() treats a lone carriage return (\r) as a line ending, not only a line feed (\n), so an attacker who could get a carriage return into a value turned one line into two, sidestepping Git’s own check, which at the time rejected only newlines.

Git’s own credential code already rejected newline characters in values as a defense mechanism, but Git LFS (Large File Storage), an extension of Git, introduced its own vulnerability in how it processed URLs specified in .lfsconfig files shipped inside repositories (CVE-2024-53263).

Malformed URLs containing newline characters could pass through Git’s validation but still trigger leaks when processed by credential helpers.

For example, by specifying a malicious URL in .lfsconfig with newline injection, attackers could alter the interpretation of host and protocol fields.

According to Flatt Security, this flaw could result in credential helpers supplying the wrong credentials, exposing sensitive tokens to untrusted endpoints.

Strengthened Protections with Git’s Defense-in-Depth Approach

To address the broader risk of newline or carriage return manipulation, Git has introduced a new configuration: credential.protectProtocol.

This option, enabled by default, makes Git reject credential values that contain a carriage return character, closing the gap that remained when only newlines were filtered and directly mitigating protocol injection (CVE-2024-52006).

Git LFS implemented similar protections to ensure credentials stay secured during helper communication.

Beyond newline-related exploits, GitHub CLI demonstrated logic flaws affecting enterprise token handling (CVE-2024-53858).

The tokenForHost function treated non-GitHub domains as enterprise hosts, inadvertently exposing access tokens to potentially untrusted endpoints when cloning malicious repositories via GitHub Codespaces.

In Codespaces, a minimal credential helper script returned the token for every request without validating which host the request was for.

This oversight allowed attackers hosting repositories on non-GitHub domains to obtain GitHub tokens used by Codespaces.
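To make the mismatch concrete, here is an added example in Python (not code from the page, from Git, or from any of the projects named above). It implements the “key=value” framing described earlier in three ways: LF-only splitting that passes a carriage return through as data (the way Git behaved before credential.protectProtocol), any-terminator splitting like .NET StreamReader.ReadLine(), and the strict rule that rejects any carriage return. It runs one constructed request whose host value smuggles a second host= line through all three, adds a check for literal or percent-encoded CR/LF in repository URLs such as those found in .gitmodules or .lfsconfig, and finishes with a helper get action that answers only for hosts it actually holds a token for, the check the Codespaces helper and gh's tokenForHost lacked. The sample messages, the example.com hosts, the token value, the username placeholder and the tokens_by_host mapping are all constructed for the example.

```python
import urllib.parse


class CredentialProtocolError(ValueError):
    """A credential-protocol message broke the one-'key=value'-per-line framing."""


def _collect(lines):
    """Fold already-split lines into a dict; a blank line ends the message.
    Git lets a later key overwrite an earlier one, which is exactly why a
    smuggled second 'host=' line matters."""
    attrs = {}
    for line in lines:
        if line == "":
            break
        key, sep, value = line.partition("=")
        if not sep:
            raise CredentialProtocolError(f"malformed line: {line!r}")
        attrs[key] = value
    return attrs


def parse_newline_only(msg):
    """Split on LF only and pass CR through as data (Git before credential.protectProtocol)."""
    return _collect(msg.split("\n"))


def parse_any_terminator(msg):
    """Split on CR, LF or CRLF, as .NET StreamReader.ReadLine() does.
    str.splitlines() is a convenient (even looser) stand-in for that behaviour."""
    return _collect(msg.splitlines())


def parse_strict(msg):
    """Split on LF only and refuse any CR at all: the credential.protectProtocol=true rule."""
    if "\r" in msg:
        raise CredentialProtocolError("carriage return in credential message")
    return _collect(msg.split("\n"))


def write_request(attrs):
    """Serialise a message, refusing any key or value a helper could read as an extra line."""
    for key, value in attrs.items():
        if "\r" in key or "\n" in key or "\r" in value or "\n" in value:
            raise CredentialProtocolError(f"control character in attribute {key!r}")
    return "".join(f"{k}={v}\n" for k, v in attrs.items()) + "\n"


def url_smuggles_control_chars(url):
    """True if a repository URL (.gitmodules, .lfsconfig, ...) carries CR or LF either
    literally or percent-encoded (%0d / %0a), so a decoded host or path could inject a line."""
    decoded = urllib.parse.unquote(url)
    return any(c in url or c in decoded for c in "\r\n")


def host_as_seen_by(parser, msg):
    """The host a parser believes the request is for, or the rejection it produces."""
    try:
        return parser(msg)["host"]
    except CredentialProtocolError as exc:
        return f"rejected: {exc}"


def helper_get(request_msg, tokens_by_host):
    """A helper's 'get' action that answers only for hosts it holds a token for.
    Answering every host, or treating every non-github.com host as an enterprise
    instance, is the class of mistake behind CVE-2024-53858.
    Hypothetical: tokens_by_host maps an exact host name to a token."""
    attrs = parse_strict(request_msg)
    host = attrs.get("host", "")
    if attrs.get("protocol") != "https" or host not in tokens_by_host:
        return ""  # empty reply: Git moves on to the next helper or prompts
    # Username is a placeholder; the token travels in the password field.
    return write_request({"username": "x-access-token", "password": tokens_by_host[host]})


# Constructed samples (not captured from any real tool).
CLEAN_REQUEST = "protocol=https\nhost=github.com\npath=octocat/Hello-World.git\n\n"
SMUGGLED_REQUEST = "protocol=https\nhost=evil.example.com\rhost=github.com\n\n"
TOKENS = {"github.com": "ghp_example_not_a_real_token"}

if __name__ == "__main__":
    for name, parser in (("LF only, CR kept", parse_newline_only),
                         ("any terminator", parse_any_terminator),
                         ("strict", parse_strict)):
        print(f"{name:18s} host -> {host_as_seen_by(parser, SMUGGLED_REQUEST)!r}")
    print(url_smuggles_control_chars("https://github.com/%0dhost=evil.example.com/x.git"))
    print(helper_get(CLEAN_REQUEST, TOKENS), end="")
```

Run it directly and the three parsers disagree about the host of the very same request: the LF-only parser keeps the whole smuggled string as the host, the any-terminator parser ends up with github.com, and only the strict parser refuses to answer. That disagreement between the two ends of a text protocol is the vulnerability, and refusing the ambiguous message, as protectProtocol does, is what removes it.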

These findings underscore the importance of robust validation mechanisms in text-based protocols.

Misalignments between protocol specifications and implementation details, even minor ones, can lead to significant security breaches.

Developers are urged to ensure strict compliance with protocol rules and introduce validation layers to prevent injection and misinterpretation.
