The vulnerability can be exploited on multi-user machines, where an attacker can prepare a local repository to look like a partial clone that is missing an object, causing Git to execute arbitrary code during the clone operation.