Gitoxide gix-submodule Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in the Gitoxide gix-submodule component, affecting versions prior to 0.82.0. The issue arises from improper validation of the update field in .gitmodules files. This flaw allows attackers to bypass the CommandForbiddenInModulesConfiguration guard, in particular when a submodule has been initialized with only partial configuration in the local .git/config file. Exploitation involves injecting arbitrary shell commands through the update field in .gitmodules; these commands are executed during the submodule update process, leading to remote code execution.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the system where the affected Gitoxide-based tool is run, specifically during the submodule update process.

Reproduction

To reproduce this vulnerability, first clone a repository using a Gitoxide-based tool. After initializing the submodules, an attacker can add a malicious command to the update field of the .gitmodules file. When the 'gix::Submodule::update()' method is called, the injected command will be executed, demonstrating the command injection flaw.

Remediation

Users can upgrade to Gitoxide version 0.82.0 or later, where this vulnerability has been patched.
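For hosts that cannot upgrade immediately, a pre-update check can refuse submodule updates whose .gitmodules update value is anything other than git's documented non-command modes (checkout, rebase, merge, none); a leading '!' is git's syntax for "run this command". The following is an added example written for this advisory, not Gitoxide's own code or API; it uses a minimal INI-style parser of its own and a constructed sample file.

```rust
// Added example (not Gitoxide code): scan a .gitmodules file for `update`
// values that git would execute as a shell command before running an update.
use std::collections::BTreeMap;

/// Documented submodule.<name>.update modes that do not spawn a command.
const SAFE_UPDATE_MODES: [&str; 4] = ["checkout", "rebase", "merge", "none"];

/// Minimal parser for the INI-like .gitmodules format:
/// submodule name -> (key, value) pairs found in its section.
pub fn parse_gitmodules(text: &str) -> BTreeMap<String, Vec<(String, String)>> {
    let mut sections: BTreeMap<String, Vec<(String, String)>> = BTreeMap::new();
    let mut current: Option<String> = None;
    for raw in text.lines() {
        let line = raw.trim();
        if line.is_empty() || line.starts_with('#') || line.starts_with(';') {
            continue;
        }
        let header = line
            .strip_prefix("[submodule \"")
            .and_then(|h| h.strip_suffix("\"]"));
        if let Some(name) = header {
            sections.entry(name.to_string()).or_insert_with(Vec::new);
            current = Some(name.to_string());
            continue;
        }
        if let (Some(name), Some((k, v))) = (current.as_ref(), line.split_once('=')) {
            sections.get_mut(name).unwrap().push((k.trim().to_string(), v.trim().to_string()));
        }
    }
    sections
}

/// Returns (submodule, value) for every `update` entry outside the safe modes.
/// Values are compared case-insensitively, as git does for config values.
pub fn unsafe_update_entries(text: &str) -> Vec<(String, String)> {
    let mut bad = Vec::new();
    for (name, kvs) in parse_gitmodules(text) {
        for (k, v) in kvs {
            let safe = SAFE_UPDATE_MODES.iter().any(|m| m.eq_ignore_ascii_case(&v));
            if k.eq_ignore_ascii_case("update") && !safe {
                bad.push((name.clone(), v));
            }
        }
    }
    bad
}

fn main() {
    // Constructed sample: a benign submodule and one whose update is a command.
    let sample = "[submodule \"libfoo\"]\n\tpath = libfoo\n\turl = https://example.invalid/libfoo.git\n\tupdate = checkout\n[submodule \"vendor\"]\n\tpath = vendor\n\turl = https://example.invalid/vendor.git\n\tupdate = !echo PLACEHOLDER-COMMAND\n";
    for (name, value) in unsafe_update_entries(sample) {
        println!("refusing to update submodule {name:?}: update = {value:?}");
    }
}
```

Run the check against the working tree's .gitmodules in CI or a pre-update hook and fail the job when it returns any entry.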

Added: May 26, 2026, 4:57 PM
Updated: May 26, 2026, 4:57 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          7.5
exploitability  5.4
remediation     0.0
relevance       9.1
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.