CVE-2022-25866

CVE-2022-25866 affects the PHP Git library czproject/git-php prior to 4.0.3. The vulnerability lies in isRemoteUrlReadable($url, array $refs = NULL), where url and refs are passed to git ls-remote in a way that allows extra flags to be injected, enabling command execution. Documented impact is co...