•  
      request #28889 Harden calls to Git CLI against argument injection
    Infos
    #28889
    Thomas Gerbet (tgerbet)
    2022-11-08 08:56
    2022-10-10 12:07
    30463
    Details
    Harden calls to Git CLI against argument injection

    While none of our calls seems to be exploitable (at this time) to issue like CVE-2021-29472 there is no attempt to prevent it. It might be become ugly real fast if a new feature starts using the existing possibility offered by \Git_Exec in a different way.

    SCM/Git
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2022-10-13
    Attachments
    Empty
    References

    Follow-ups