path: root/git-gui/lib/class.tcl
author: Johannes Sixt <j6t@kdbg.org> 2025-07-08 20:46:24 +0200
committer: Johannes Sixt <j6t@kdbg.org> 2025-07-08 20:48:25 +0200
commit: 0c8be6f09043e152493e369be8469d645098469f
tree: 575776e3f68d86c02699d30adb1f2e6f81762f03 /git-gui/lib/class.tcl
parent: Merge branch 'top-panel-search-highlight' of github.com:bnfour/gitk
parent: gitk: encode arguments correctly with "open"

Merge branch 'ah/fix-open-with-stdin'

This addresses CVE-2025-27614, Arbitrary command execution with Gitk:

A Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking `gitk filename`, where `filename` has a particular structure. The script is run with the privileges of the user.

* ah/fix-open-with-stdin:
  gitk: encode arguments correctly with "open"

Signed-off-by: Johannes Sixt <j6t@kdbg.org>

Diffstat (limited to 'git-gui/lib/class.tcl')
0 files changed, 0 insertions, 0 deletions