CNNVD-202507-1029 Information
CNNVD ID
CNNVD-202507-1029
Related CVE
- CNNVD Published: 2025-07-08
Description (Chinese)
Git是Git开源的一套免费、开源的分布式版本控制系统。 Git存在操作系统命令注入漏洞,该漏洞源于恶意存储库可以发送 sh.exe 或典型的 textconv 过滤程序的版本。在 Windows 上,路径查找可以在工作树中找到这样的可执行文件。
Description (English)
Git is a free, open source distributed version control system for Git open source. Git has an operating system command to inject a loophole, which results from a bad faith repository that can send a version of a sh.exe or a typical textconv filter. On Windows, the path search can find such an executable in the working tree.
Hazard Level
Medium
Vulnerability Type
操作系统命令注入
Affected Vendor
git-annex
Published
2025-07-08
Last Modified
2026-02-24
References
https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a1ccd2512072cf52835050f4c97a4fba9f0ec8f9 https://github.com/j6t/git-gui/security/advisories/GHSA-7px4-9hg2-fvhx https://vigilance.fr/vulnerability/Git-GUI-code-execution-via-sh-exe-astextplain-47664 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-46334 https://nvd.nist.gov/vuln/detail/CVE-2025-46334