github.com/michaelmure/git-bug is vulnerable to remote code execution. The vulnerability exists due to an uncontrolled search path element. An attacker may craft a malicious git.bat command, commit it and push it in a repository and it will be executed when it is searched.