Lucene search
K

5 matches found

NVD
NVD
added 3 hours ago5 views

CVE-2026-49987

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...

7.5CVSS0.00066EPSS
Exploits0References3
Cvelist
Cvelist
added 4 hours ago7 views

CVE-2026-49987 Repomix: Command Injection (RCE) via `--remote-branch` Argument Injection

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...

7.5CVSS0.00066EPSS
Exploits0References3
CVE
CVE
added 4 hours ago14 views

CVE-2026-49987

CVE-2026-49987 affects Repomix (npm) where the function execGitShallowClone uses the --remote-branch value directly in git fetch/checkout calls. The input can be injected to pass arbitrary git options (e.g., --upload-pack) to local or SSH transports, enabling remote command execution with the use...

7.5CVSS6.2AI score0.00066EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/07/01 7:0 p.m.5 views

repomix Vulnerable to Command Injection (RCE) via `--remote-branch` Argument Injection

Vulnerability Metadata | Field | Detail | | --- | --- | | Affected Component | src/core/git/gitCommand.ts execGitShallowClone | | Impact | Arbitrary Command Execution / Security Control Bypass | Summary The --remote-branch CLI option in repomix is vulnerable to argument injection. User-supplied...

7.5CVSS6.2AI score0.00066EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-55215

Name of the Vulnerable Software and Affected Versions Repomix versions prior to 1.14.1 Description Repomix is vulnerable to argument injection via the --remote-branch CLI option. The application passes the value of the remoteBranch variable directly to git fetch and git checkout subprocesses with...

8.8CVSS6.3AI score0.00066EPSS
Exploits0References5
Rows per page
Query Builder