in this case it arrives to you through apache, which gives git the contents of the files it requests, just like the filesystem does when you clone a repo off a usb pendrive. there's no git-specific code running on the server when you clone that url
there is, however, a faster 'smart http' git cloning protocol which apache can't participate in, and that is indeed a potential attack surface. i don't think any of the bugs i linked upthread were in that protocol though
there is, however, a faster 'smart http' git cloning protocol which apache can't participate in, and that is indeed a potential attack surface. i don't think any of the bugs i linked upthread were in that protocol though