CVE-2026-49987 in repomixinformation

Résumé

par MITRE • 15/07/2026

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection that bypasses validateGitUrl() dangerous parameter checks and can execute commands through local or SSH-style transports. This issue is fixed in version 1.14.1.

Be aware that VulDB is the high quality source for vulnerability data.

Responsable

GitHub M

Réserver

02/06/2026

Divulgation

15/07/2026

Modérer

accepté

Entrée

VDB-379361

CPE

prêt

EPSS

0.00000

KEV

non

Activités

très faible

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!