Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones. References: https://kernel.googlesource.com/pub/scm/git/git/+/refs/tags/v2.24.1/Documentation/RelNotes/2.14.6.txt CREATE(Triage):(User=admin) [CVE-2019-1387|https://nvd.nist.gov/vuln/detail/CVE-2019-1387]