Improper handling of messages in Git’s credential retrieval protocol could have allowed attackers to leak users’ credentials, security researcher RyotaK says.
Git retrieves login information stored in system-specific credential helpers using the credential protocol, which is text-based over standard input/output and relies on lines of key-value pairs.
Both Git and the credential helper parse these messages, whose lines are separated by a newline character, and certain protections are in place to prevent property injection.
RyotaK discovered that a feature in GitHub Desktop that automatically supplies credentials to a Git client contains a vulnerability that allows a malicious repository pointing to a crafted URL to leak the credential.
Tracked as CVE-2025-23040, the issue is a carriage return smuggling bug that exists because of differences in how lines are separated in the Git credential protocol and in the ECMAScript regular expression specification.
Because of this difference, when the crafted URL is parsed, Git and GitHub Desktop recognize the host differently, with the latter returning the login information for the GitHub account instead of the client.
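The line-terminator mismatch described above, and the kind of validation that closes it, as an added example (not code from Git, GitHub Desktop or the researcher's report; the message text and host name are constructed). It parses a credential-protocol message the way the article describes Git doing it, splitting on "\n" only, then extracts the same field with an ECMAScript multiline regex, which also treats "\r" as a line terminator, and shows that the two disagree. The validator that follows refuses any field containing a carriage return or newline before a request is written to a helper, which is the spirit of the check the article says Git added.

```javascript
// Added example, not part of Git or GitHub Desktop. Demonstrates why a
// "\n"-only line protocol and an ECMAScript multiline regex can disagree
// about where a value ends, and a validation that refuses such values.

// Parse a credential-protocol message as Git does: "key=value" lines
// separated by "\n" only; a blank line terminates the message.
function parseCredentialLines(message) {
  const fields = {};
  for (const line of message.split("\n")) {
    if (line === "") break; // blank line ends the message
    const eq = line.indexOf("=");
    if (eq === -1) throw new Error(`malformed line: ${JSON.stringify(line)}`);
    fields[line.slice(0, eq)] = line.slice(eq + 1);
  }
  return fields;
}

// Extract "host" with a multiline regex. Under ECMAScript, "$" with the "m"
// flag matches before "\r" as well as "\n", and "." does not match "\r",
// so the captured value stops at a carriage return that the "\n"-only
// parser above keeps as part of the value.
function hostViaMultilineRegex(message) {
  const m = /^host=(.*)$/m.exec(message);
  return m ? m[1] : null;
}

// Validation in the spirit of the Git fix: refuse any key or value that
// contains a carriage return or newline, so no helper ever receives a
// field that different line-splitting rules could read differently.
function validateCredentialFields(fields) {
  for (const [key, value] of Object.entries(fields)) {
    if (/[\r\n]/.test(key) || /[\r\n]/.test(value)) {
      throw new Error(
        `credential field ${JSON.stringify(key)} contains a line terminator`
      );
    }
  }
  return fields;
}

// Serialize a request for a helper, validating every field first.
function serializeCredentialRequest(fields) {
  validateCredentialFields(fields);
  return (
    Object.entries(fields)
      .map(([k, v]) => `${k}=${v}`)
      .join("\n") + "\n\n"
  );
}

// Constructed message: the host value carries an embedded "\r".
const constructedMessage = "protocol=https\nhost=example.test\rtrailing\n\n";
console.log(parseCredentialLines(constructedMessage).host); // keeps the "\r"
console.log(hostViaMultilineRegex(constructedMessage)); // stops before it
```

Run with Node; the two printed hosts differ, and passing the parsed fields to validateCredentialFields throws, which is the behaviour a credential client wants before anything reaches a helper.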
The security researcher, who named the attack Clone2Leak, discovered a similar security defect in Git Credential Manager, a cross-platform credential helper for Git, tracked as CVE-2024-50338. Both flaws result from the credential helper improperly handling the carriage return character, RyotaK notes.
While Git prevents newline injections, Git LFS, an extension for large file management that is spawned as the child process of Git, uses a function that allows the newline character, which can be abused to bypass Git’s protections. The vulnerability is tracked as CVE-2024-53263.
To resolve the carriage return smuggling bugs, Git added a new validation to the credential protocol, which will reject URLs that contain the carriage return character. Git announced patches for the issue, tracked as CVE-2024-52006, on January 14.
“When using a credential helper, Git uses a line-based protocol to pass information between itself and the credential helper. A specially-crafted URL containing a carriage return can be used to inject unintended values into the protocol stream, causing the helper to retrieve the password for one server while sending it to another,” GitHub explains.
Git version 2.48.1 resolves the issue, also addressing CVE-2024-50349, a vulnerability that allows attackers to craft URLs containing ANSI escape sequences and construct misleading prompts that could trick users into providing credentials to the attackers.
“When Git needs to fill in credentials interactively without the use of a credential helper, it prints out the hostname and asks the user to fill in the appropriate username/password pair for that host. However, Git prints out the hostname after URL-decoding it,” GitHub notes.
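A defensive counterpart to the prompt issue GitHub describes above, as an added example (not Git's code; the encoded host string is constructed). It URL-decodes a host the way the article says Git does before printing it, but then checks the decoded value for control characters such as the ESC byte that starts an ANSI escape sequence, rendering any it finds as visible \xNN escapes so a prompt cannot be dressed up by the host string.

```javascript
// Added example, not part of Git. Decodes a percent-encoded host as a
// prompt would, then neutralizes control characters before display.

// Render a control character as a visible escape such as "\x1b".
function visibleEscape(ch) {
  return "\\x" + ch.charCodeAt(0).toString(16).padStart(2, "0");
}

// Returns { display, suspicious }: display is safe to print in a prompt;
// suspicious is true when the decoded host contained any control character
// (0x00-0x1f or 0x7f), which a legitimate hostname never does.
function safeHostForPrompt(encodedHost) {
  let decoded;
  try {
    decoded = decodeURIComponent(encodedHost);
  } catch (e) {
    // Malformed percent-encoding: show the raw string rather than guessing.
    decoded = encodedHost;
  }
  const control = /[\x00-\x1f\x7f]/g;
  const suspicious = control.test(decoded);
  control.lastIndex = 0;
  const display = decoded.replace(control, visibleEscape);
  return { display, suspicious };
}

// Constructed input: "%1b%5b31m" decodes to ESC "[" "31m", an ANSI color
// sequence that would otherwise be interpreted by the terminal.
console.log(safeHostForPrompt("example.test"));
console.log(safeHostForPrompt("example.test%1b%5b31m"));
```

A prompt built from the display field prints the literal text "\x1b[31m" instead of switching the terminal to red, and the suspicious flag lets a client refuse to prompt at all when it is set.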
While crediting RyotaK for reporting CVE-2024-50349 and CVE-2024-52006, GitHub announced that GitHub Desktop version 3.4.12 patches CVE-2025-23040, Git LFS version 3.6.1 fixes CVE-2024-53263, and Git Credential Manager version 2.6.1 patches CVE-2024-50338.
Previously, similar vulnerabilities were found in GitHub Codespaces and the GitHub CLI, one that leaked credentials when cloning a malicious repository on GitHub Codespaces using GitHub CLI, and another that leaked the GitHub token because Git failed to properly validate ‘host’ parameters.