CVE-2021-44685

Name of the Vulnerable Software and Affected Versions: Git-it versions through 4.4.0

Description: The issue allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name, which is not sanitized for execution.

Recommendations: For versions through 4.4.0, as a temporary workaround, consider disabling the execution of the reflog command with unsanitized branch names until a patch is available. Restrict access to the Branches Aren't Just For Birds challenge step to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.