<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/59523>59523</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Exposed Dot git folder and files is reachable through the llvm.org URL
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          Fedora-m
      </td>
    </tr>
</table>

<pre>
    Hi team, I have found an Exposed dot git (.git) folders through llvm.org URLs. 
to be honest I don't know this is a bug or a normal behavior.
step to reproduce : 
By visiting this url and enter the /.git on the end of the url, however the  folders and files will appear which contain a lot of sensitive files  such as indexes and logs, config..etc 

1-https://releases.llvm.org/.git/ 

IMPACT : an attacker can abuse the application or the website by knowing this folders & files , 

</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJxUU9GOpDYQ_Brz0gJhY4bhgYfd24yyUiJFUfIBjd2Acx4b2Wbm9u8jM-zc3gtg467uqnJhjGZ2RANrX1n7VuCWFh-GC2kfsLwWo9cfw-8GEuGViW_wDgveCCa_OQ3o4Lcfq4-kQfsEs0nAxLmaTWKih8lbTSFCWoLf5gWsvV0rH2b49-8_YgWsfmP1S_IwEizeUUzwDto7JroE352_Q1pMBBMBYdxm8AEQnA9XtDDSgjfjQ_UAiYlWSB4CrcHrTRGw5uVo8PoBNxNNMm5-AG7BAjoN5BIFSAsBE5c8M3i3L8lp8NP-uQWbSS_-Trfj8JNWxpiMpQh3Yy3guhIGuC9GLaC8S2gcIFifMlgkl2fIyu0lEDe1AEYwTtMPeqBZP8fcTnk3mbmqKKmDxOPJyyWlNbLmhYkLE5dAljBSrD6VPYgwcfmsE5y1r28Pb1j7xsT5V4gtUijNFWeKuXLZxryTxyeXKuWvTFw6eZJ900gmLqLuTrJueVdKzbGe9LmU2J5L2cuuRC2akvBE53pqOe_GanUzE_1XCu9__vXy7Z_dHnSAKaH6TgFUXuTWu8S4rtYoTMa77HreutMYTSIYP_ar8TTz0wwmToeyWcBHr0IPje6bHgsa-KnjddP3vCmWgTS2SGfe1u0ZpUR1lrUSSnE-aTm1p8IMohaCCy55J1veVIh1LzVyxbt6ElPPZE1XNPapfGFi3Gho-1Y0hcWRbNwTJYSjO-w_mRA5YGHINeW4zZHJ2pqYfvpXJJMsDZ-ZOnw7SH65cCZCIFQLjpae8coyfY1YsQU7_Or2w-HD1nz2eJVr8P-RyhdnHzUycdmp_B8AAP__UsNU9g">