The Recurity Lablog
computer security, research, reverse engineering and high-level considerations

First Round: Git LFS

In mid-May 2017, I was about to go on my two-month parental leave when I stumbled across a nifty vulnerability in Git LFS, which is developed by the fine people at GitHub. The actual vulnerability was shockingly simple: Git LFS can be configured (partially) by a .lfsconfig