CNNVD-202507-1019 Information

CNNVD ID

CNNVD-202507-1019

CVE-2025-27613

  • CNNVD Published: 2025-07-08

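Description (translated from Chinese)

Gitk is an open-source graphical tool bundled with Git, used to view information such as a Git repository's commit history and branch structure. Gitk has an operating system command injection vulnerability, which arises because, when a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated.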

Description (English)

Gitk is a graphical tool that ships with Git, used to view information such as the commit history and branch structure of a Git repository. Gitk has an operating system command injection vulnerability, which arises when a user clones an untrusted repository and runs Gitk without additional command arguments, allowing any writable file to be created and truncated.

Hazard Level

Critical

Vulnerability Type

OS command injection

Affected Vendor

git-annex

Published

2025-07-08

Last Modified

2026-02-24

References

  • https://github.com/j6t/gitk/compare/7dd272eca153058da2e8d5b9960bbbf0b4f0cbaa..67a128b91e25978a15f9f7e194d81b441d603652
  • https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v
  • https://github.com/j6t/gitk/compare/465f03869ae11acd04abfa1b83c67879c867410c..026c397d911cde55924d7eb1311d0fd6e2e105d5
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27613
  • https://nvd.nist.gov/vuln/detail/CVE-2025-27613

Patch

https://git-scm.com/
