PT-2025-48356 · Unknown · Willitmerge

Lirantal · Published 2025-11-29 · Updated 2025-12-19 · CVE-2025-66219

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

willitmerge versions 0.2.1 and prior

Description

willitmerge is a command line tool used to check if pull requests are mergeable. A command injection issue exists because the software uses an insecure child process execution API (exec) and concatenates user-supplied data to it. User input, whether provided through command-line flags or controlled within the target repository, is not properly sanitized before being used in the exec function. This allows for potential arbitrary command execution.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
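
The contrast the description draws, as an added example (not code from willitmerge or from this advisory): a shell-parsed exec string next to execFile with an argument array, plus an allow-list check on the value. The function names, the git ls-remote argument list and the sample value are assumptions made for illustration.

```javascript
// Added example: hypothetical code, not taken from willitmerge.
const { execSync, execFileSync } = require('child_process');

// Child used for the demo: node itself, writing back the single argument it received.
const PRINT_ARG = 'process.stdout.write(process.argv[1])';

// Pattern the advisory describes: input concatenated into a string that a shell parses.
function unsafeEcho(branch) {
  return execSync('echo checking ' + branch, { encoding: 'utf8' });
}

// Hardened form: execFile starts the program directly, so no shell ever parses the
// value and it arrives as exactly one argv entry.
function safeEcho(branch) {
  return execFileSync(process.execPath, ['-e', PRINT_ARG, branch], { encoding: 'utf8' });
}

// Allow-list for names; a leading "-" is refused so a value cannot be read as an option.
function isSafeRef(name) {
  return typeof name === 'string' &&
    /^[A-Za-z0-9][A-Za-z0-9._\/-]{0,254}$/.test(name) &&
    !name.includes('..');
}

// Argument vector for a hypothetical git call, built only from validated values.
function lsRemoteArgs(remote, branch) {
  if (!isSafeRef(remote) || !isSafeRef(branch)) throw new Error('rejected ref name');
  return ['ls-remote', '--heads', remote, branch];
}

// Constructed sample value containing a shell separator and a harmless marker.
const hostile = 'main; echo INJECTED';

console.log(JSON.stringify(unsafeEcho(hostile))); // the shell ran a second command
console.log(JSON.stringify(safeEcho(hostile)));   // the value stayed one literal argument
console.log(isSafeRef(hostile), isSafeRef('feature/login-fix'));
```

Validation and execFile are complementary: the argument array removes the shell, and the allow-list keeps a value from being read as an option by the program that receives it.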

Exploit

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-66219
GHSA-J9WJ-M24M-7JJ6

Affected Products

Willitmerge