PT-2025-26859 · Unknown · Registrator

Splitline · Published 2025-06-25 · Updated 2025-10-08 · CVE-2025-52483

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Registrator versions prior to 1.9.5

Description: Registrator is a GitHub app that automates the creation of registration pull requests for Julia packages. A shell script injection can occur in the withpasswd function if the clone URL returned by GitHub is malicious. Alternatively, an argument injection is possible in the gettreesha function. Either issue can potentially lead to remote code execution (RCE).

Recommendations: Upgrade all versions prior to 1.9.5 to version 1.9.5 immediately to receive the fix. As a temporary workaround, consider restricting the use of the withpasswd and gettreesha functions until the issue is resolved.

Exploit · Fix · RCE · Command Injection

Related Identifiers

CVE-2025-52483
GHSA-589R-G8HF-XX59
JLSEC-2025-2

Affected Products

Registrator