Jcharaoui

**Name of the Vulnerable Software and Affected Versions** powerline-gitstatus versions prior to 1.3.2 **Description** The issue allows for arbitrary code execution. Git repositories can contain configuration that alters git behavior, including running arbitrary commands. When using the affected software, changing to a directory automatically runs git commands to display repository information in the prompt. An attacker can exploit this by convincing a user to change their directory to one controlled by the attacker, such as in a shared filesystem or extracted archive, allowing the attacker to run arbitrary commands. **Recommendations** For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of powerline-gitstatus in untrusted directories to minimize the risk of exploitation. Avoid using powerline-gitstatus in directories that may be controlled by an attacker until the issue is resolved.