PT-2022-26656 · Unknown · Powerline-Gitstatus

Jcharaoui · +1 · Published 2022-10-13 · Updated 2025-05-15 · CVE-2022-42906

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: powerline-gitstatus versions prior to 1.3.2

Description: The issue allows arbitrary code execution. Git repositories can contain per-repository configuration that alters git behavior, including running arbitrary commands. With the affected software, changing into a directory automatically runs git commands to display repository information in the prompt. An attacker can exploit this by convincing a user to change into a directory the attacker controls, such as one on a shared filesystem or inside an extracted archive, and thereby run arbitrary commands as that user.

Recommendations: For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, restrict the use of powerline-gitstatus in untrusted directories to minimize the risk of exploitation, and avoid using it in directories that may be controlled by an attacker until the update is applied.
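A defender-side check for the condition the description relies on (an added example, not code from this advisory or from powerline-gitstatus): it parses a checkout's .git/config and reports any settings from a constructed, non-exhaustive watchlist of git keys whose values git executes as programs, so a user can inspect an extracted archive or shared directory before entering it with a prompt that auto-runs git.

```python
"""Flag git settings in a repository's config that can run a command.
Added example, not code from the advisory or from powerline-gitstatus: read a
checkout's .git/config and pass its text to risky_settings() before cd-ing in.
"""
import re

# Constructed, non-exhaustive watchlist of settings whose values are executed
# as programs or that relocate hook scripts; extend it for your environment.
COMMAND_KEYS = {
    "core.fsmonitor", "core.hookspath", "core.pager", "core.editor",
    "core.sshcommand", "diff.external", "gpg.program", "credential.helper",
}
_SECTION = re.compile(r'^\[\s*([^\s"\]]+)(?:\s+"([^"]*)")?\s*\]$')


def parse_git_config(text):
    """Return {'section.key': value} from git's INI-like config format."""
    entries, section = {}, None
    for raw in text.splitlines():
        # Drop trailing comments; git accepts both '#' and ';' as markers.
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        m = _SECTION.match(line)
        if m:
            section = m.group(1).lower()
            if m.group(2) is not None:  # subsection name keeps its case
                section += "." + m.group(2)
            continue
        key, _, value = line.partition("=")
        if section is not None:
            entries[f"{section}.{key.strip().lower()}"] = value.strip()
    return entries


def risky_settings(config_text):
    """Sorted watched keys present in the config text (empty if none)."""
    return sorted(k for k in parse_git_config(config_text) if k in COMMAND_KEYS)


# Constructed sample: one benign section plus one command-running key.
SAMPLE_CONFIG = ('[core]\n\tbare = false\n\tfsmonitor = /path/to/placeholder\n'
                 '[remote "origin"]\n\turl = https://example.invalid/r.git\n')

if __name__ == "__main__":
    print(risky_settings(SAMPLE_CONFIG))  # ['core.fsmonitor']
```

A non-empty result does not prove malice (some of these keys have legitimate uses), but it marks a repository that should be reviewed before any tool runs git in it automatically.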

Exploit
Fix
Code Injection
Command Injection

Weakness Enumeration

Related Identifiers: CVE-2022-42906, DLA-3277-1, GHSA-W67G-6GJV-C599

Affected Products: Powerline-Gitstatus