GHSA-P3HW-MV63-RF9W gix's submodule name validation bypass + trust inheritance flaw enables path traversal and credential disclosure
Summary Submodule name validation bypass plus missing validation in production code paths allows path traversal via crafted .gitmodules. Combined with a trust inheritance flaw in Submodule::open, this enables reading arbitrary git repository configs including credentials from traversed paths with...