Malicious URLs cause Git (v2.26.0) to present stored credentials to wrong server (opens in new tab)

Without upgrade, this might be exploited through package managers able to fetch from Git URLs (so NPM, Go Modules, and others).

Xcode 11.4.1 came out today and it appears to contain the fix for this.