PT-2025-39958 · Unknown · Check-Branches

Liran Tal · Published 2025-09-30 · Updated 2025-10-05 · CVE-2025-11148

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: check-branches (affected versions not specified)

Description: The software is susceptible to command injection. The tool trusts branch names without sanitization and constructs git commands by concatenating user input. This allows attackers to execute arbitrary commands through maliciously crafted branch names, potentially introduced through pull requests or privileged repository access.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
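
One way to avoid the pattern in the description, as an added example that is not check-branches' own code: assuming a Node.js tool that calls git, validate each branch name against an allowlist and pass it to git as an argument vector instead of a concatenated command string. The helper names, the `git rev-parse` call and the sample branch names are constructed for illustration.

```javascript
// Added example with hypothetical helper names; not code from check-branches.
// Conservative subset of the rules in git-check-ref-format(1), plus a
// leading-dash check so a name can never be parsed as a git option.
function isSafeBranchName(name) {
  if (typeof name !== 'string' || name.length === 0) return false;
  if (name.startsWith('-')) return false;
  // Allowlist: letters, digits, and . _ / - only. This rejects every shell
  // metacharacter (; | & $ ` ( ) < > quotes, whitespace) in one step.
  if (!/^[A-Za-z0-9._\/-]+$/.test(name)) return false;
  if (name.includes('..') || name.includes('//')) return false;
  if (name.startsWith('/') || name.endsWith('/') || name.endsWith('.')) return false;
  // No path component may start with "." or end with ".lock".
  return name.split('/').every((part) => !part.startsWith('.') && !part.endsWith('.lock'));
}

// Build an argument vector instead of a command string. Each element reaches
// git as one argv entry, so nothing in `name` is ever parsed by a shell.
function gitRevParseArgs(name) {
  if (!isSafeBranchName(name)) {
    throw new Error(`refusing unsafe branch name: ${JSON.stringify(name)}`);
  }
  return ['rev-parse', '--verify', '--quiet', `refs/heads/${name}`];
}

// Resolve a branch to a commit id without a shell. execFileSync does not
// spawn a shell unless the `shell` option is set, which it is not here.
function resolveBranch(name, cwd = process.cwd()) {
  const { execFileSync } = require('node:child_process');
  return execFileSync('git', gitRevParseArgs(name), { cwd, encoding: 'utf8' }).trim();
}

// Constructed sample input: ordinary names and names carrying shell syntax.
const SAMPLE_BRANCHES = [
  'main',
  'feature/login-form',
  'release/1.2.x',
  'main;echo INJECTED',
  'x$(echo INJECTED)',
  '--version',
  'a..b',
  'topic.lock',
];

// Report which names would be accepted before any git command is built.
function auditBranches(names) {
  return names.map((name) => ({ name, safe: isSafeBranchName(name) }));
}
```

Running `auditBranches` over the names returned by the hosting platform before any git call is made also gives a log entry for each rejected name.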

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-11148
GHSA-9C4G-FP4R-PRRV

Affected Products

Check-Branches