- All Git versions prior to 2.7.4
Git could be made to crash or run programs as your login if it received changes from a specially crafted remote repository.
Laël Cellier discovered that Git incorrectly handled path strings in crafted Git repositories. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking Git. (CVE-2016-2315, CVE-2016-2324)