
Malicious URLs cause Git (v2.26.0) to present stored credentials to wrong server - vwpolo3
https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q
======
vwpolo3
Without upgrade, this might be exploited through package managers able to
fetch from Git URLs (so NPM, Go Modules, and others).

------
lilyball
Xcode 11.4.1 came out today and it appears to contain the fix for this.

