PT-2025-36999 · Unknown · Interactive-Git-Checkout
Lirantal · Published 2025-09-09 · Updated 2025-09-10 · CVE-2025-59046
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
interactive-git-checkout versions up to and including 1.1.4
Description:
The interactive-git-checkout tool is an interactive command-line utility for checking out Git branches. Versions up to and including 1.1.4 are susceptible to a command injection issue. This occurs because the software utilizes the Node.js child process module's exec() function to pass the branch name to the git checkout command without sufficient input validation or sanitization.
Recommendations:
Update to a version after 1.1.4.
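The pattern described above next to a hardened form, as an added example that is not code from interactive-git-checkout or from this advisory. The function names, the allow-list regex and the sample branch names are assumptions made for illustration.

```javascript
const { execFile } = require('node:child_process');

// Pattern the advisory describes: the branch name is interpolated into one
// string that exec() hands to a shell, so ';', '|', '$( )' and backticks in
// the name are parsed as shell syntax. Built as a string only, never run.
function unsafeCommandLine(branch) {
  return `git checkout ${branch}`;
}

// Assumed allow-list, stricter than git's own ref-name rules: must start with
// an alphanumeric (so it can never be read as a '-option'), then only
// letters, digits, '.', '_', '/' and '-'.
const SAFE_BRANCH = /^[A-Za-z0-9][A-Za-z0-9._\/-]*$/;

function isSafeBranchName(name) {
  return typeof name === 'string' &&
    name.length <= 255 &&
    SAFE_BRANCH.test(name) &&
    !name.includes('..') &&
    !name.endsWith('/') &&
    !name.endsWith('.lock');
}

// Build the argv for git; the branch stays a single array element.
function checkoutArgs(branch) {
  if (!isSafeBranchName(branch)) {
    throw new Error(`refusing unsafe branch name: ${JSON.stringify(branch)}`);
  }
  return ['checkout', branch];
}

// execFile() starts git directly without a shell, so no metacharacter in an
// argument is ever interpreted as shell syntax.
function safeCheckout(branch, cwd, callback) {
  execFile('git', checkoutArgs(branch), { cwd }, callback);
}

// Constructed sample input: a branch name carrying a shell metacharacter.
const constructedName = 'main; echo INJECTED';
console.log(unsafeCommandLine(constructedName)); // what a shell would be given
console.log(isSafeBranchName(constructedName));  // validation result
console.log(checkoutArgs('feature/login-form')); // argv passed to execFile
```

Validation and the shell-free call are independent layers: the argument array removes shell parsing, and the allow-list additionally blocks names that git itself would read as options.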
Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Interactive-Git-Checkout