author: Johannes Sixt <j6t@kdbg.org> 2025-05-14 18:27:05 +0200
committer: Taylor Blau <me@ttaylorr.com> 2025-05-23 17:04:30 -0400
commit: 4e7e3b792e6973e09de6ddc191b86bbc245c53dd
tree: b2ba96a1873441245fda2cc9df47af7aef9f24b7 /builtin/range-diff.c
parent: Git 2.43.6
parent: gitk: encode arguments correctly with "open"
Merge branch 'ah/fix-open-with-stdin'

This addresses CVE-2025-27614, Arbitrary command execution with Gitk: A Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking `gitk filename`, where `filename` has a particular structure. The script is run with the privileges of the user.

Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Diffstat (limited to 'builtin/range-diff.c')
0 files changed, 0 insertions, 0 deletions