Advisory #18
Title: git-bug arbitrary code execution via malicious repository
CVE ID: CVE-2021-28955
Vendor: Michael Muré
Affected product: git-bug
Affected versions: - 0.7.1
Vulnerability type: CWE-427 (Uncontrolled Search Path Element)
Description: git-bug for Windows has a vulnerability that allows a malicious repository to hijack the git executable, which leads to arbitrary code execution.
Status: Fixed in 0.7.2
Recommendation: Update to 0.7.2 or above
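
For tools that shell out to git, a defensive lookup can avoid this class of issue (CWE-427). The Go sketch below is an added example, not code from git-bug or from its 0.7.2 fix; it assumes the hijack depends on a bare `git` lookup resolving to a file in the repository directory, and `resolveTrusted` is a hypothetical helper name.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"runtime"
	"strings"
)

// resolveTrusted (hypothetical helper) finds name using pathEnv only. It skips
// empty and relative entries, which mean "current directory", and any entry
// that is untrustedDir (for example a cloned repository) or lies inside it.
func resolveTrusted(name, pathEnv, untrustedDir string, exts []string) (string, error) {
	if strings.ContainsAny(name, `/\`) {
		return "", errors.New("name must be a bare command name")
	}
	untrusted, err := filepath.Abs(untrustedDir)
	if err != nil {
		return "", err
	}
	for _, dir := range filepath.SplitList(pathEnv) {
		if dir == "" || !filepath.IsAbs(dir) {
			continue // would resolve against the working directory
		}
		rel, err := filepath.Rel(untrusted, filepath.Clean(dir))
		if err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
			continue // PATH entry is the untrusted directory or is below it
		}
		for _, ext := range exts {
			candidate := filepath.Join(dir, name+ext)
			if info, err := os.Stat(candidate); err == nil && info.Mode().IsRegular() {
				return candidate, nil
			}
		}
	}
	return "", fmt.Errorf("%s not found in trusted PATH entries", name)
}

func main() {
	exts := []string{""}
	if runtime.GOOS == "windows" {
		exts = []string{".exe"} // assumption: accept only git.exe on Windows
	}
	cwd, _ := os.Getwd() // treat the current repository as untrusted
	path, err := resolveTrusted("git", os.Getenv("PATH"), cwd, exts)
	fmt.Println(path, err)
}
```

Pass the returned absolute path to the process-spawning call instead of the bare name `git`.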