Git Submodule Cloning Vulnerability: Remote Code Execution via CRLF Injection

2025-07-08

A vulnerability in Git allows attackers to achieve remote code execution on Unix-like systems by crafting a malicious .gitmodules file. The vulnerability exploits inconsistencies in how carriage return (CR) and line feed (LF) characters are handled. By injecting CRLF, an attacker can modify submodule paths, causing the submodule to clone into an unexpected directory, enabling code execution. This has been patched; update Git and embedded Git versions.

(dgl.cx)

Giant Emojis in Your Terminal: A 1978 Tech Hack

2025-06-24

This article explores a clever way to display enlarged emojis in your terminal using the VT100's DECDHL escape sequence. By printing the top and bottom halves of an emoji on consecutive lines, you can achieve a vertical scaling effect. The article demonstrates how to combine different emojis to create novel results, such as merging an expressionless face and a face without a mouth into a new emoji. It also mentions Kitty terminal's more modern approach to resizing text. Overall, it's a fun and insightful look at manipulating emojis in the terminal, showcasing both vintage and modern terminal technology.

(dgl.cx)
Development

Ghostly CVE: A Terminal Emulator Security Bug in Ghostty

2025-01-01

A new terminal emulator, Ghostty, recently released version 1.0. Security researcher David Leadbeater discovered a vulnerability (CVE-2024-56803) similar to a 2003 CVE, allowing attackers to execute arbitrary code by exploiting the terminal's title querying functionality. The vulnerability leverages the in-band signaling nature of terminals and Zsh's behavior in vi mode. Attackers can use crafted escape sequences to execute malicious commands without the user's knowledge, even over SSH. Ghostty 1.0.1 fixes this; users are advised to upgrade or apply the mitigations provided in the advisory.

(dgl.cx)
Development terminal security