Git credential-leak vulnerabilities pose a threat to stored secrets

Git retrieves login credentials from system-specific credential helpers. It talks to them over a text-based protocol carried on the helper's standard input and output, using lines written as key=value pairs.

Both Git and the credential helper parse these messages, whose records are delimited by newline characters, and some safeguards are in place to prevent property (key) injection.

RyotaK discovered a vulnerability in the GitHub Desktop feature that automatically offers credentials to a Git client. The flaw allows a malicious repository with a specially crafted URL to expose the user's credentials.

This vulnerability has been identified as CVE-2025-23040 and is a carriage return smuggling bug. It arises from an inconsistency between how the Git credential protocol treats line separators and how the ECMAScript regular expression specification treats them.

Because of this discrepancy, when the malicious URL is processed, Git and GitHub Desktop interpret the host differently. This leads the latter to disclose the GitHub account's login information to a party other than the intended one.

The security researcher, who named the set of exploits Clone2Leak, also found a related security issue in Git Credential Manager, a cross-platform credential helper for Git; it is tracked as CVE-2024-50338.

As RyotaK notes, both vulnerabilities come from the credential helper’s mishandling of the carriage return character. 

Git itself effectively blocks newline injection. However, Git LFS, an extension designed to manage large files, runs as a child process of Git and uses a function that allows newline characters, potentially letting attackers bypass Git's defenses. This vulnerability is tracked as CVE-2024-53263.

GitHub explains, “When using a credential helper, Git uses a line-based protocol to pass information between itself and the credential helper. A specially-crafted URL containing a carriage return can be used to inject unintended values into the protocol stream, causing the helper to retrieve the password for one server while sending it to another.”
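To make the line-separator discrepancy concrete, here is an added example (not code from the original article, from Git, or from GitHub Desktop) that models the key=value credential protocol in JavaScript. It contrasts a strict parser, which splits records on "\n" only and rejects any embedded carriage return, with a lenient parser built on an ECMAScript multiline regex, where "\r" also counts as a line terminator. The sample protocol stream is constructed for the example.

```javascript
// Added example, not code from the original article, Git, or GitHub Desktop.
// Models the git-credential key=value protocol the article describes: records
// are newline-delimited, and Git refuses to emit a key or value containing
// "\n". The defect arises when a helper parses the same bytes with ECMAScript
// rules, under which "\r" is also a line terminator.

const CR_OR_LF = /[\r\n]/;

// Strict parser: split on "\n" only, and reject any "\r" or "\n" that survives
// inside a key or value rather than letting it start a new record.
function parseCredentialStrict(text) {
  const fields = {};
  for (const line of text.split("\n")) {
    if (line === "") continue;            // blank line terminates the request
    const eq = line.indexOf("=");
    if (eq === -1) throw new Error(`malformed line ${JSON.stringify(line)}`);
    const key = line.slice(0, eq);
    const value = line.slice(eq + 1);
    if (CR_OR_LF.test(key) || CR_OR_LF.test(value)) {
      throw new Error(`embedded line terminator in field ${JSON.stringify(key)}`);
    }
    fields[key] = value;
  }
  return fields;
}

// Lenient parser using a multiline ECMAScript regex. In multiline mode "^"
// and "$" anchor at "\r" as well as "\n", and "." does not cross "\r", so a
// single protocol line containing a carriage return is read as two records.
function parseCredentialLenient(text) {
  const fields = {};
  const re = /^([^=]+)=(.*)$/gm;
  let m;
  while ((m = re.exec(text)) !== null) fields[m[1]] = m[2];
  return fields;
}

// Constructed protocol stream, as a helper would receive it on stdin: the
// host field carries an embedded "\r" followed by a second host= record.
const SMUGGLED_REQUEST = "protocol=https\nhost=a.example\rhost=b.example\n\n";

// Returns the host each parser would act on; the strict parser refuses.
function compareHosts(text) {
  let strict;
  try { strict = parseCredentialStrict(text).host; }
  catch (e) { strict = `rejected: ${e.message}`; }
  return { strict, lenient: parseCredentialLenient(text).host };
}

console.log(compareHosts(SMUGGLED_REQUEST));
```

The lenient parser answers for the second, smuggled host while Git itself never saw that record as separate, which is the mismatch the article describes; the strict parser refuses the request outright, which is the behaviour a helper should have.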
