Failed to reproduce the vulnerability.

[goldroad]

$ git clone --recursive [email protected]:amalmurali47/git_rce.git

Cloning into 'git_rce'... remote: Enumerating objects: 35, done. remote: Counting objects: 100% (1/1), done. remote: Total 35 (delta 0), reused 0 (delta 0), pack-reused 34 Receiving objects: 100% (35/35), 5.53 KiB | 5.53 MiB/s, done. Resolving deltas: 100% (12/12), done. warning: the following paths have collided (e.g. case-sensitive paths on a case-insensitive filesystem) and only one from the same colliding group is in the working tree:

'a' Submodule 'x/y' ([email protected]:amalmurali47/hook.git) registered for path 'A/modules/x' fatal: could not create leading directories of 'D:/git_rce/A/modules/x': Not a directory fatal: clone of '[email protected]:amalmurali47/hook.git' into submodule path 'D:/git_rce/A/modules/x' failed Failed to clone 'A/modules/x'. Retry scheduled fatal: could not create leading directories of 'D:/git_rce/A/modules/x': Not a directory fatal: clone of '[email protected]:amalmurali47/hook.git' into submodule path 'D:/git_rce/A/modules/x' failed Failed to clone 'A/modules/x' a second time, aborting

[JordanVegas]

i got this too.. were you able to reproduce?

[794628231]

me too

[amalmurali47]

@goldroad @JordanVegas @794628231 Make sure you're running Git Bash as Administrator on Windows. Also, this repo uses SSH URL for cloning, so unless you've setup SSH authentication, it won't work.

I've created another repository with submodules configured to use HTTPS instead of SSH:

git clone --recursive https://github.com/amalmurali47/demo_git_rce.git

This should work seamlessly without needing SSH setup. Let me know if you run into any other issues!