Git vulnerability could lead to an attack of the (repo) clones

5 years ago
Anonymous $CLwNLde341

https://www.theregister.co.uk/2018/05/30/git_vulnerability_could_lead_to_an_attack_of_the_repo_clones/

A new version of Git has been emitted to ward off potential arbitrary code execution as a result of merely cloning a malicious repository.

CVE-2018-11235, reported by Etienne Stalmans, takes advantage of a flaw in Git whereby sub-module names supplied by the .gitmodules file are not properly validated when appended to $GIT_DIR/modules. Including "../" in a name could result in directory hopping. Post-checkout hooks could then be executed, potentially causing all manner of mayhem to ensue on the victim's system.