A vulnerability in Git could allow an attacker to place malicious, auto-executing code in a sub-module.