AIKIDO-2025-10833

github.com/gogs/git-module is vulnerable to Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2024-39933

Published Nov 21, 2025

Score: 61 (Medium Risk)

This Affects:

Go: github.com/gogs/git-module

Affected versions: 1.0.0 - 1.8.4

Fixed in 1.8.5

TL;DR

Affected versions of this package are vulnerable to Argument Injection because repository operations, such as those in repo.go, repo_diff.go, repo_commit.go, and others, do not pass the --end-of-options flag, which could allow user-supplied input to be misinterpreted as command-line options. An attacker might exploit this by crafting malicious input that injects unauthorized options, potentially leading to arbitrary command execution, data disclosure, or repository manipulation, depending on the context and permissions of the affected commands.
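
The missing-separator pattern described above, as an added Go example (not code from git-module or from this advisory). The helper names, the `log` subcommand with `--max-count=1`, and the sample inputs are assumptions, and `unexpectedOptions` is a simplified model of option parsing rather than git's own parser.

```go
package main

import (
	"fmt"
	"strings"
)

// Options this hypothetical wrapper sets itself; anything else that would be
// parsed as an option must have come from caller-supplied input.
var ownOptions = map[string]bool{"--max-count=1": true}

// logArgsUnsafe mirrors the vulnerable pattern: the caller-supplied revision
// follows the wrapper's options with nothing separating the two.
func logArgsUnsafe(rev string) []string {
	return []string{"log", "--max-count=1", rev}
}

// logArgsSafe inserts --end-of-options so that everything after it is treated
// as a non-option argument, even when it starts with a dash.
func logArgsSafe(rev string) []string {
	return []string{"log", "--max-count=1", "--end-of-options", rev}
}

// unexpectedOptions is a simplified model of option parsing (an assumption,
// not git's parser): after the subcommand, elements starting with "-" count
// as options until --end-of-options is seen. It returns the options the
// wrapper did not set itself.
func unexpectedOptions(argv []string) []string {
	var found []string
	for _, arg := range argv[1:] {
		if arg == "--end-of-options" {
			break
		}
		if len(arg) > 1 && strings.HasPrefix(arg, "-") && !ownOptions[arg] {
			found = append(found, arg)
		}
	}
	return found
}

func main() {
	// Constructed sample inputs: a normal branch name and a dash-prefixed value.
	for _, rev := range []string{"main", "--example-option=value"} {
		fmt.Printf("rev=%q unsafe=%q safe=%q\n", rev,
			unexpectedOptions(logArgsUnsafe(rev)), unexpectedOptions(logArgsSafe(rev)))
	}
}
```

The same check can be used in a unit test around any wrapper that builds git argument lists from request data, to confirm that no caller-supplied value lands before the separator.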

Who does this affect?

You are affected if you are using a version of github.com/gogs/git-module that falls within the vulnerable range (1.0.0 - 1.8.4).

Background info

github.com/gogs/git-module is vulnerable to Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in versions 1.0.0 - 1.8.4.

How to fix this

Upgrade the github.com/gogs/git-module library to the patched version (1.8.5).