4 matches found
Arbitrary Code Execution
github.com/github/git-sizer is vulnerable to Arbitrary Code Execution. The vulnerability is due to the misconfiguration of the system's PATH environment variable, which can allow malicious executables to be inadvertently run when commands are executed if the current directory is placed before the...
GO-2022-0424: On Windows, `git-sizer` might run a `git` executable within the repository being analyzed in github.com/github/git-sizer
On Windows, git-sizer might run a git executable within the repository being analyzed in github.com/github/git-sizer...
GHSA-57Q7-RXQQ-7VGP: On Windows, `git-sizer` might run a `git` executable within the repository being analyzed
Impact: On Windows, if git-sizer is run against a non-bare repository, and that repository has an executable called git.exe, git.bat, etc., then that executable might be run by git-sizer rather than the system git executable. An attacker could try to use social engineering to get a victim to run...
On Windows, `git-sizer` might run a `git` executable within the repository being analyzed
Impact: On Windows, if git-sizer is run against a non-bare repository, and that repository has an executable called git.exe, git.bat, etc., then that executable might be run by git-sizer rather than the system git executable. An attacker could try to use social engineering to get a victim to run...