Address command line injection in Git::Lib#fetch #569

Merged
merged 1 commit into from Apr 13, 2022

jcouball
Member

Signed-off-by: James Couball <jcouball@yahoo.com>

Your checklist for this pull request

🚨Please review the guidelines for contributing to this repository.

  • Ensure all commits include DCO sign-off.
  • Ensure that your contributions pass unit testing.
  • Ensure that your contributions contain documentation if applicable.

Description

This fixes issue #568

Signed-off-by: James Couball <jcouball@yahoo.com>
@jcouball
Member Author

The "Ruby head on ubuntu-latest" build fails because of a problem with YARD. This issue has been fixed in YARD's head so that a new version of YARD will fix this problem.

@frankthrock frankthrock left a comment

Looks great!

@jcouball jcouball merged commit 291ca09 into master Apr 13, 2022
7 of 8 checks passed
@ykws
ykws commented May 2, 2022

Great!
This pull request is related to CWE-88, right?

fumito-ito added a commit to fumito-ito/Generamba that referenced this pull request May 6, 2022
ruby-git `<1.11.0` are vulnerable to Command Injection via git argument injection.
For more information, see ruby-git/ruby-git#569.
@jcouball jcouball deleted the fetch_command_injection branch December 12, 2022 17:49
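
The class of bug named in this thread (CWE-88, argument injection into `git fetch`) is commonly closed by building the command as an argument vector, ending option parsing with `--`, and refusing positional values that begin with `-`. The sketch below is an added example, not the code merged in this pull request; `fetch_argv`, `positional!`, `UnsafeArgument` and `ALLOWED_FLAGS` are hypothetical names, and the rejected input in the comments is constructed.

```ruby
# Added illustration of a CWE-88 mitigation for a `git fetch` wrapper.
# All names here are hypothetical; this is not ruby-git's implementation.

class UnsafeArgument < ArgumentError; end

# Only these boolean options are accepted, each mapped to a fixed flag.
# Callers can never supply a flag string of their own.
ALLOWED_FLAGS = { tags: '--tags', prune: '--prune', force: '--force' }.freeze

# Validate a value that must be treated as a positional argument.
# A leading '-' is refused because git would parse it as an option.
def positional!(name, value)
  str = value.to_s
  raise UnsafeArgument, "#{name} is empty" if str.empty?
  raise UnsafeArgument, "#{name} contains a NUL byte" if str.include?("\0")
  raise UnsafeArgument, "#{name} must not start with '-'" if str.start_with?('-')
  str
end

# Build the argument vector for `git fetch`.
# The result is an Array meant for system(*argv) or Open3.capture3(*argv),
# which execute the program directly without going through a shell.
def fetch_argv(remote = 'origin', ref: nil, **flags)
  argv = %w[git fetch]

  flags.each do |key, enabled|
    flag = ALLOWED_FLAGS.fetch(key) do
      raise UnsafeArgument, "unknown option #{key.inspect}"
    end
    argv << flag if enabled
  end

  # '--' ends option parsing: everything after it is positional,
  # even if an earlier validation step were ever bypassed.
  argv << '--'
  argv << positional!('remote', remote)
  argv << positional!('ref', ref) unless ref.nil?
  argv
end

if __FILE__ == $PROGRAM_NAME
  p fetch_argv('origin', tags: true)
  begin
    fetch_argv('--constructed-option=value') # constructed hostile input
  rescue UnsafeArgument => e
    warn "rejected: #{e.message}"
  end
end
```

The `--` separator and the leading-dash check are deliberately redundant: either one alone stops a remote name from being read as an option, and keeping both means a regression in one is still caught by the other.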