module
GitLens Git Local Configuration Exec
| Disclosed |
|---|
| Nov 14, 2023 |
Disclosed
Nov 14, 2023
Description
GitKraken GitLens before v.14.0.0 allows an untrusted workspace to execute git
commands. A repo may include its own .git folder including a malicious config file to
execute arbitrary code.
Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10
commands. A repo may include its own .git folder including a malicious config file to
execute arbitrary code.
Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.