PT-2025-26858 · Unknown · Registrator

Splitline · Published 2025-06-16 · Updated 2025-10-08 · CVE-2025-52480

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Registrator versions prior to 1.9.5
Description: Registrator is a GitHub app that automates the creation of registration pull requests for Julia packages. If the clone URL returned by GitHub is malicious, an argument injection is possible in the gettreesha() function, potentially leading to remote code execution.
Recommendations: For all versions prior to 1.9.5, upgrade immediately to version 1.9.5 to receive a patch. As a temporary workaround, consider restricting the use of the gettreesha() function until the patch is applied.
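
The description above attributes the issue to a clone URL reaching a command line unchecked. As an added example (not Registrator's code and not its 1.9.5 patch), this Julia sketch validates an externally supplied clone URL and builds the git command so the URL can only be read as a positional argument. The helper names, the host allow-list, the sample inputs and the assumption that the URL ends up as a `git clone` argument are illustrative.

```julia
# Added example; hypothetical helper names, not Registrator's code.
const ALLOWED_SCHEMES = ("https",)
const ALLOWED_HOSTS   = ("github.com",)   # assumption: extend for GitHub Enterprise hosts

"Return `url` as a String if it is acceptable as a git repository argument; throw otherwise."
function validate_clone_url(url::AbstractString)
    # A leading '-' is what turns a positional value into a command-line option.
    startswith(url, "-") && throw(ArgumentError("clone URL starts with '-'"))
    any(c -> isspace(c) || iscntrl(c), url) &&
        throw(ArgumentError("clone URL contains whitespace or control characters"))
    m = match(r"^([a-z][a-z0-9+.-]*)://([^/@:?#]+)/[\w.\-/]+$"i, url)
    m === nothing && throw(ArgumentError("clone URL is not scheme://host/path"))
    lowercase(m[1]) in ALLOWED_SCHEMES || throw(ArgumentError("scheme not allowed"))
    lowercase(m[2]) in ALLOWED_HOSTS || throw(ArgumentError("host not allowed"))
    return String(url)
end

"Build (but do not run) a clone command for a validated URL."
function clone_cmd(url::AbstractString, dest::AbstractString)
    safe = validate_clone_url(url)
    # Cmd interpolation passes each value as exactly one argv element (no shell), so the
    # remaining risk is option parsing; `--` ends it and everything after is positional.
    cmd = `git clone --quiet -- $safe $dest`
    # Defence in depth: limit the transports git itself will use.
    return addenv(cmd, "GIT_ALLOW_PROTOCOL" => "https")
end

# Constructed sample inputs, not taken from the advisory.
samples = (
    "https://github.com/JuliaLang/Example.jl.git",
    "-x-constructed-option",
    "ssh://github.com/a/b.git",
    "https://example.invalid/a/b.git",
)

for u in samples
    try
        println("accepted: ", clone_cmd(u, "/tmp/checkout").exec)
    catch e
        println("rejected ", repr(u), ": ", sprint(showerror, e))
    end
end
```

Validation and the `--` separator are complementary: the first rejects unexpected values early with a loggable reason, and the second keeps the argument positional even if a validation rule is later loosened.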

Exploit · Fix · RCE · Argument Injection

Weakness Enumeration

Related Identifiers

BDU:2025-14505
CVE-2025-52480
GHSA-W8JV-RG3H-FC68
JLSEC-2025-4

Affected Products

Registrator