Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs. References: https://kernel.googlesource.com/pub/scm/git/git/+/refs/tags/v2.24.1/Documentation/RelNotes/2.14.6.txt
Created git tracking bugs for this issue: Affects: fedora-all [bug 1781959]
oss-security mailing list reference: https://www.openwall.com/lists/oss-security/2019/12/13/1
External References: https://github.com/git/git/security/advisories/GHSA-44fr-r2hj-3f4x
Upstream fix: https://github.com/git/git/commit/6d8684161ee9c03bed5cb69ae76dfdddb85a0003
Statement: This issue did not affect the versions of git as shipped with Red Hat Enterprise Linux 6, 7, and 8 as this is a Windows only issue and it does not affect the Linux versions of git.