Gitk Arbitrary Command Execution Vulnerability

Vulnerability

A vulnerability in Gitk, a Tcl/Tk-based Git history browser, allows for arbitrary command execution. This issue affects Gitk versions 2.41.0 through 2.50.0. The vulnerability arises from improper handling of file arguments, which can be exploited through social engineering. An attacker can craft a Git repository that, when cloned by a user and opened with Gitk, executes a script (such as a Bourne shell, Perl, or Python script) with the user's privileges.

Impact

Exploitation of this vulnerability allows for arbitrary command execution with the privileges of the user running Gitk.

Reproduction

To reproduce this vulnerability, clone a Git repository that has been crafted to exploit this issue. Once the repository is cloned, open Gitk and invoke it with a filename that triggers the execution of the malicious script. The script will run with the user's privileges, demonstrating the vulnerability.

Remediation

Users can upgrade to Gitk versions 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, or 2.50.1 to address this vulnerability.
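As an added triage aid (not part of this advisory), the check below decides whether a given Git/Gitk version string falls in the affected range and, if so, whether its release series already carries one of the fixed versions listed above. It assumes gitk tracks the installed git version (gitk ships with git), so `git --version` is used to read the series in use.

```python
import re
import subprocess

# Fixed release per series, as listed in the advisory. The 2.41.x and 2.42.x
# series have no fixed release, so those installs must move to a newer series.
FIXED = {
    (2, 43): (2, 43, 7),
    (2, 44): (2, 44, 4),
    (2, 45): (2, 45, 4),
    (2, 46): (2, 46, 4),
    (2, 47): (2, 47, 3),
    (2, 48): (2, 48, 2),
    (2, 49): (2, 49, 1),
    (2, 50): (2, 50, 1),
}
FIRST_AFFECTED = (2, 41, 0)
LAST_AFFECTED = (2, 50, 0)


def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'git version 2.47.1'
    or '2.45.4.windows.1'. Returns None when no dotted version is present."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def assess(text):
    """Return 'not-affected', 'fixed' or 'vulnerable' for a version string,
    following the affected range and per-series fixes the advisory lists."""
    v = parse_version(text)
    if v is None:
        raise ValueError(f"no version found in {text!r}")
    if v < FIRST_AFFECTED:
        return "not-affected"
    if v > LAST_AFFECTED:
        return "fixed"  # 2.50.1 and anything newer
    fix = FIXED.get(v[:2])
    if fix is not None and v >= fix:
        return "fixed"
    return "vulnerable"


def installed_git_version():
    """Read the installed git version (assumption: gitk matches it)."""
    out = subprocess.run(["git", "--version"], capture_output=True,
                         text=True, check=True).stdout
    return out.strip()


if __name__ == "__main__":
    ver = installed_git_version()
    print(f"{ver}: {assess(ver)}")
```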

Added: Jul 10, 2025, 3:30 PM
Updated: Jul 10, 2025, 3:30 PM

Vulnerability Rating

Custom Algorithm (score per category, 0.0 to 10.0):

  spread          0.0
  impact          7.5
  exploitability  5.4
  remediation     0.0
  relevance       0.2
  threat          4.8
  urgency         2.9
  incentive       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.