CVE-2021-28955

Name of the Vulnerable Software and Affected Versions: git-bug versions prior to 0.7.2

Description: The issue is related to an Uncontrolled Search Path Element, which can lead to the execution of a malicious git.bat command from the current directory in certain PATH situations, most often seen on Windows. This can happen when a malicious user crafts a git.bat command, commits it, and pushes it to a repository. Later, when git-bug searches for the git binary, the malicious executable can take priority and be executed. This issue occurs on Windows and other operating systems with a badly configured PATH.

Recommendations: For versions prior to 0.7.2, update to version 0.7.2 as soon as possible to fix the issue. As a temporary workaround, consider restricting the use of the vulnerable component or avoiding the execution of git.bat from the current directory until the update is applied.