PT-2022-7286 · Git+2

Alessio Della Libera · Published 2022-04-13 · Updated 2025-12-15 · CVE-2022-25648

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

git versions prior to 1.11.0

Description

The issue is a command injection via git argument injection. When the fetch(remote = 'origin', opts = {}) function is called, the remote parameter is passed to the git fetch subcommand in a way that allows additional flags to be set, which can be used to perform a command injection. This allows a remote attacker to execute arbitrary code.

Recommendations

For git versions prior to 1.11.0, update to version 1.11.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the fetch function with remote parameters to minimize the risk of exploitation. Avoid using the remote parameter in the affected fetch function until the issue is resolved.
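The argument-injection pattern described above, as an added Ruby example that is not code from the affected project: it models how a remote value lands in the git fetch argument vector, and how input validation plus the "--" end-of-options separator keeps it positional. The function names, the simplified option-parsing model and the sample values are assumptions constructed for illustration.

```ruby
# Added example. All names are hypothetical; nothing here runs git.

# Unsafe pattern: the caller-supplied remote is appended unchanged, so a
# value starting with "-" is read by git as an option, not a remote name.
def fetch_argv_unsafe(remote = 'origin')
  ['git', 'fetch', remote]
end

# Hardened pattern: reject option-like values, then place "--" (end of
# options) before the remote so it can only be a positional argument.
def fetch_argv_safe(remote = 'origin')
  raise ArgumentError, 'remote must be a non-empty String' unless remote.is_a?(String) && !remote.empty?
  raise ArgumentError, "remote looks like an option: #{remote.inspect}" if remote.start_with?('-')
  ['git', 'fetch', '--', remote]
end

# Simplified model of option parsing (an assumption, not git's parser):
# arguments starting with "-" count as options until "--" is seen.
def parsed_as_options(argv)
  argv.drop(2).take_while { |arg| arg != '--' }.select { |arg| arg.start_with?('-') }
end

# Constructed sample inputs: one ordinary remote, one option-like value.
SAMPLE_REMOTES = ['origin', '--dry-run'].freeze

# Returns, per sample, what each builder would hand to git.
def audit(remotes)
  remotes.map do |remote|
    safe = begin
      fetch_argv_safe(remote)
    rescue ArgumentError => e
      "rejected (#{e.message})"
    end
    { remote: remote,
      unsafe_options: parsed_as_options(fetch_argv_unsafe(remote)),
      safe: safe }
  end
end

audit(SAMPLE_REMOTES).each { |row| puts row.inspect }
```

When such an argument vector is executed, pass it in array form (for example system(*argv)) so that no shell re-parses the remote value.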

Exploit

Fix

Argument Injection

Weakness Enumeration

Related Identifiers

BDU:2024-02281
BIT-GIT-2022-25648
CVE-2022-25648
DLA-3303-1
DLA-4406-1
GHSA-69P6-WVMQ-27GG
MGASA-2022-0248
RHSA-2022:8506
RLSA-2022:8506
SNYK-RUBY-GIT-2421270

Affected Products

Debian
Rocky Linux
Git