mirror of
https://github.com/git/git.git
synced 2025-12-23 12:14:22 +01:00
4e7e3b792e
This addresses CVE-2025-27614, Arbitrary command execution with Gitk: A Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking `gitk filename`, where `filename` has a particular structure. The script is run with the privileges of the user. Signed-off-by: Johannes Sixt <j6t@kdbg.org>