CNNVD-202507-1024 Information
CNNVD ID
CNNVD-202507-1024
Related CVE
- CNNVD Published: 2025-07-08
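Description (translated from Chinese)
Gitk is a graphical tool bundled with the open-source Git project, used to view information such as a Git repository's commit history and branch structure. Gitk has an operating system command injection vulnerability: a user who has cloned the repository can be tricked into running any attacker-supplied script by invoking gitk filename.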
Description (English)
Gitk is a graphical tool that ships with the open-source Git project and is used to view information such as the commit history and branch structure of a Git repository. Gitk has an operating system command injection vulnerability: a user who has cloned the repository can be tricked into running any script supplied by the attacker by invoking gitk filename.
Hazard Level
Medium
Vulnerability Type
Operating system command injection
Affected Vendor
git-annex
Published
2025-07-08
Last Modified
2026-02-24
References
https://github.com/j6t/gitk/commit/8e3070aa5e331be45d4d03e3be41f84494fce129
https://github.com/j6t/gitk/security/advisories/GHSA-g4v5-fjv9-mhhc
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27614
https://vigilance.fr/vulnerability/Gitk-code-execution-via-Filename-Particular-Structure-47663
https://nvd.nist.gov/vuln/detail/CVE-2025-27614