2 matches found
CVE-2026-49987 Repomix: Command Injection (RCE) via `--remote-branch` Argument Injection
Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...
CVE-2026-49987
creationtimestamp| type| source ---|---|--- 2026-07-01 20:35:09+00:00| published-proof-of-concept| https://github.com/yamadashy/repomix/security/advisories/GHSA-9mm9-rqhj-j5mx...